Many websites track their visitors in some way, but it is usually confined to their activity while on their website. You'll know this is true when you see a banner or sidebar box showing the products or topics you just viewed, or when you get an email that you left an item in your cart that you chose not to purchase, or that the product was all of a sudden reduced in price.
Some sites slip extra permissions in the clauses of their terms of service (TOS), which most people don't read. They'll say by accepting the TOS that you are giving them access to your friends list. If they don't tell you this up front, you'll find out when your friends say they are getting many more popup and sidebar ads. It's all legal, as long as each visitor accepts their terms of service.
A strong password is not going to help you on those kinds of websites. The best you can do is to leave the site as soon as they tell you they want to access your friends list or if their TOS requests or permissions goes beyond the scope of using their site.
It is almost impossible not to accept cookies but you can and should customize your preferences and restrict their access to the least amount of your personal information.
How Did They Know That?
Some websites want their new visitors to create an account. When they come back on their next visit, usually they are required to verify their identity using multiple-choice security questions. The correct answer will always be one of the choices and the website will know if you select the wrong answer because they only choose questions with answers that are already public information, like the year/model/ or color of your first car; the street you lived on in a particular state; or the name of your grade school.
Just know if they used public information for their security check questions, then even an amateur hacker knows that information too and can hack your account in a heartbeat.
Passwords are also tracked on many websites. To remember screen names and passwords, many people tick the "Remember Me" box. It really is so easy - too easy - because if your computer is remembering your login information, then so is the website. How else will they know if you entered the correct login information?
Make It Long and Strong
A hacker assumes that you re-used the same password, or a variation of it, from site to site. Stop doing that because you are making the hacker's job very easy. The one thing that will make a hacker move on to other victims is if he has to waste too much time trying to crack your password.
Internet security experts say that the best passwords are between 18 and 26 characters long, with a combination of upper and lower case letters, sprinkled intermittently with numbers and symbols. Don't use a real word as any part of your password. If you do, then mix it up by inserting numbers and symbols after each letter.
If you use a short personal password that defines you, think about which of your friends and associates know that about you too. Then go change it to something else.
Your password box on each login screen shows an asterisk for each letter or number which tells the length of your password. If a hacker sees a lot of asterisks, he will know your password is a combination of random letters and numbers, will give up, and find someone else to hack.
Hacking is a time-sensitive activity. He must get into your account, steal it and get away as fast as possible.
Choosing Passwords
The most common passwords are the names of your pets, so it should go without saying that you should never use the names of your pets as a password on any website and certainly not on multiple websites. It's too easy to forget that you mentioned their names on a photo, or you talked about them on a blog, or in a comment on Facebook.
A hacker who figures out one password for one of your accounts will keep trying it because he hopes you used it on other websites too. Don't give him that satisfaction; use different passwords. If you must use familiar names and passwords, then add digits or symbols up to 26 characters.
Most people generally have a harder time choosing the beginning of their password, but adding numbers and symbols seems to be much easier.
So you might be thinking "How will I ever remember so many different passwords?"
There's an app for that!
In the early 2000s, the advice to remember passwords used to be to make up a sentence so the first letter of each word corresponded to each character in your password. The sentence idea wasn't the best because people who couldn't remember a password were expected to remember the sentence they used for each site.
Gone are the days when you had to write down your passwords in a notebook, or forward your newest change of password to your email for safekeeping, most likely put in a dedicated folder.
By the way, keeping your passwords in one of your email folders is not as safe as it used to be because emails tend to get hacked much more often than Facebook accounts.
The best way to remember your passwords is to let something else do the remembering for you - a password manager.
Some people shy away from this idea because they don't understand how they work or they don't want to learn something new. You will see that password managers are easier to use than you might think.
Password Managers 101
Anyone who has been hacked in the past may think they need to buy an expensive password manager, but it really isn't necessary.
Some add a few bells and whistles to make them more attractive or to validate their price. Some have built-in password generators to offer stronger passwords. Others protect your credit card and bank account numbers by offering encryption.
Today's most popular internet security measure is requiring two-step authentication where a code is sent to your email or cellphone before granting access to your information. This only works well if you have the same cellphone or email at the time they send the code.
We know one guy who set up his Facebook account with one phone number and ten years later when someone reported him so that his identity was called into question, the code was sent to a phone he no longer owned. He got his account back by answering security questions.
We know a gal who was locked out of her Facebook account because it was hacked. The phone number and security questions were no longer valid because the hacker changed them when he took over the account. She had to make a new Facebook account and try to get back hundreds of friends.
So for the two-step authentication to work, you have to change the information each time you get a new phone number or email address.
For purchasing password managers, the prices range from free to $100 and some are sold by yearly subscription. By the way, if you have a Norton virus protector, one of the features is a Password Vault which is free with your Norton purchase.
We don't like to wait for a code to get access to our information so for us, a password manager has to be simple and free. We don't think that paying for one makes it function any better. It either works or it doesn't. Your money isn't going to make it work any better.
The main idea is to keep all your "different" passwords in ONE place guarded by ONE master password.
So the first thing you'll need to do is to make one really terrific master password, preferably using 26 characters. After that, every time you create a new account or change a password, you will be prompted to save the login information to your password manager.
Which password manager you use depends on what you want it to do, how easy it is to use, and the way you want to access your passwords.
Review of Password Managers
In no particular order, here's a little info about the most popular password managers.
CHROME
If you use CHROME web browser, you don't need anything else.
The Perks: it has a built-in password manager that prompts and remembers your passwords as soon as you type them. All you have to do is sign-in to CHROME with ONE password. Then when you go to any website, your password will be auto-filled.
Another advantage of using CHROME is that your password manager and your bookmarks are available across all your devices as long as you are signed in to the same CHROME account.
The only downside is if more than one person uses your device, they will already be signed in to your CHROME and can access your password manager. So if you are the only user of your device, CHROME is a good choice. The link gives you step-by-step instructions.
LASTPASS
LASTPASS is a password manager and password generator. There are extensions available in your App stores for Chrome, Firefox, Edge, Safari, Opera, and Microsoft.
The Perks: It has two-factor authentication, automatic password capture as soon as you create a new password, auto form-filling, and a separate Secure Notes feature that stores bank account and social security numbers, etc. As with all password managers, you have to create an account.
Keeper
Keeper is available for Windows, Linux, MacOS, Android, IOS and has extensions in your App stores for various web browsers.
The Perks: Unlimited passwords, storage of your payment details and a built-in auditing tool that alerts you when passwords are used more than once, or if a password is particularly weak and needs to be made stronger.
Symantec Norton Identity Safe
Norton Password Manager and Generator |
You don't have to buy a Norton Anti-Virus to get the Symantec Norton Identity Safe password manager because it is free in your App Store. It is both a password manager and a password generator.
The Perks: besides the security of having Norton's name on it, this password manager and password generator helps you to make strong passwords using prompts. It has a Safe Web feature to alert you to malicious web pages and an automatic password prompter to change a password whenever it is used on more than one website. You can either download the program or go to your Extension store to add it as an extension.
Enpass supports these operating systems: Windows, Mac, Linux, IOS, Android, Chrome OS, and about seven others.
There is a pay version, but here are the Perks for the free version: Offers cloud backup, fingerprint support, password generator, web form autofill, and data import. It has separate vaults for personal, work, and family passwords.
The downside: Enpass limits storage for Android device users to 20 passwords, so if you are a heavy website user, you might want to skip this one.
LogMeOnce Password Manager
LogMeOnce password manager has a free and a paid version.
The Free Perks: Gives emergency access to photos only. There is a kill switch for wiping off data stored on any device that is stolen, and a secure wallet for storing credit card and banking information.
An automatic password changer prompts you to change passwords at timely intervals. LogMeOnce also allows you to add a person as a beneficiary who can take control of your account if something happens to you.
True Key (owned by McAfee)
True Key password manager supports Windows, MacOS, IOS, and Android. It supports CHROME, Firefox, and Edge web browsers.
The Perks: You can sign in using 1) a password, 2) facial recognition, 3) fingerprint , 4) Windows Hello, or 5) two-step authentication.
You aren't required to have a master password if you use two-step authentication. It has a password generator to help you make stronger passwords, a digital wallet to store financial information, and it encrypts your login credentials if you use the manager on more than one device.
The downside: The free version only allows you to save 15 passwords, while the paid version allows you to save unlimited passwords. So if you have more than 15 passwords to store, True Key isn't for you unless you want to pay for it.
The free version of Dashlane password manager stores 50 passwords but only for ONE device. You will need to put a separate Dash Lane password manager on each device.
The paid version (about $5/month in 2019) allows access on unlimited devices, an unlimited number of passwords, cross-syncing, and cloud backup.
The Perks: Dashlane is available for Windows, Mac, IOS, and Android operating systems. It has a strong password generator tool to help you make the best passwords, and emergency contact option if you forget the master password. Dashlane uses Secure Notes to store bank and credit card information.The downside: the free version is only for one device, so if you only have one device, this is a good choice.
We know this three-part tutorial was a lot of information to digest at one time, so please read it over once, then come back later for another read. We hope this tutorial will discourage you from using the same password on multiple websites.
Please let us know how we are doing in the comments. Thanks for stopping by.
No comments:
Post a Comment