Every now and then you receive a mystery email from a friend. It includes just a link, and you notice it has been sent to everyone in that person’s address book. Or you might receive a direct message on Twitter saying, “Hey, someone’s saying bad things about you”, and it includes a link to a dodgy website.
When this happens, you know your friend’s account has been hacked. I know of someone who had his WordPress site hacked. The home page had been changed to a blank page with a simple message that said, “you’ve been hacked.”
Impact of Account Hacking
The impact of these nuisance cyber attacks varies from having to change a password and be done with it, or having to reinstall your website from back-up, if you have a back-up that is. Imagine if you didn’t! It wastes your time and it can waste your money.
How to Avoid Being Hacked
There’s no foolproof way to avoid being hacked, but making it more difficult for the bad guys to access your account, helps. Making your password hard to crack is one way of doing that. Of course, people like to have passwords that they can remember so they use names, dictionary words or worse, “password” or “123456”. Passwords like this can be cracked in a matter of minutes.
But I Only Have a Small Website
Don’t think that just because you are a small business owner with small website, that you won’t be a target for a hacker. The hacker is indiscriminate, because it is not someone physically sitting at the computer deciding where they might target. Rather, it is a computer program the hacker has created to trawl the internet looking for ways in.
Malicious Code May Have Been Installed
Once the security of your site has been compromised, there’s no telling what malicious code could have been installed. It may install a back-door so that the hacker can gain access at a later date – after you’ve worked hard to restore your content.
Use Complicated Passwords
It is important to use complicated passwords that don’t include dictionary words, names or simple number combinations. Your password should be a combination of numbers and letters in both uppercase and lowercase. It should include characters such as @#$%^&* and it should be at least 8 characters long – the longer the better.
You might be wondering, “How will I ever remember that?” Well, you don’t have to; there are password management programs out there that will help you to keep track of it all.
LastPass
I’ve been trying out the free version of LastPass for a little while, and so far I’m finding it to be very helpful:
- I just downloaded the add-on, I created one master password for my account and it searched my browser for all my saved passwords and put them in a ‘vault’ of passwords on the LastPass server. These passwords are encrypted/decrypted locally on my own computer, so the folks at LastPass never know what they are. Only the encrypted password is synced with LastPass’s server.
- It alerted me to all the insecure passwords I had. Not only did I have a lot of duplicate passwords – one password that I used on many different sites – but I also had passwords in there for sites where I didn’t even remember having an account!
- When I’m signing up for new sites, I can easily generate strong passwords and store them on LastPass.
What If LastPass Isn’t Accessible?
I was concerned that if LastPass’s servers were down that I wouldn’t be able to access my password, but LastPass said on their website:
When you login to the Internet Explorer, Firefox, Google Chrome, Safari, or Opera plug-in, LastPass downloads and stores your encrypted data. If we’re offline you’re still able to login in offline mode, but you’ll be unable to add or change sites while LastPass is off the air. You still will be able to export your accounts if you’re running the plug-in.
What About Access from Another Computer?
Then I was wondering what would happen if my computer went down and I had to access my accounts from a different computer. Apparently if you’re on a friend’s computer or traveling, you can access your sites from https://lastpass.com/ at any time.
What About Mobile Phone Access?
What about access to my accounts through my mobile phone? You can upgrade to premium and install and sync LastPass on all your devices.
Does LastPass ‘Make’ Me Change Passwords?
Being a Virtual Assistant, I have need to access accounts on behalf of my clients. I didn’t want this software to ‘make’ me change passwords that were not mine to change. LastPass gives me complete control over which passwords I change and if I want to, I can set it to prompt me to change my passwords periodically, which is also ideal.
I’m a Kid with a New Toy
All in all, I’m really pleased with LastPass; I’m like a kid with a new toy. I’m changing all my passwords to really complicated ones, and in my spare time I’m organising my passwords into groups within the vault and weeding out accounts that I no longer wish to access.
So do you think you might tighten up your password security as a result of reading this? Do you recommend any other password management programs?
If you found this information useful, please share it on Twitter, Facebook, Google+ or a social media channel of your choice.