It’s always a smart idea to change your passwords frequently, and this is especially important when you are traveling and when you return from your travels. When you travel, you probably connect to unsecured wireless connections or possibly to monitored Internet connections, where you are putting data at risk.
I am not a security expert, but I would imagine that stealing passwords and/or hacking accounts isn’t too difficult for many computer experts. Making sure your passwords are updated is common sense, but I don’t always change them frequently, so this is a good reminder for me and hopefully for you.
Here are a few password protection tips:
- Change your passwords monthly or at least somewhat frequently, and as soon as you return home from a trip
- Make sure your passwords don’t overlap for email, registrar accounts, forums, bank accounts
- Use different user names for different websites and accounts when possible
- Use a password generation tool to make sure your passwords are random
- If you use Gmail, check your filters (in preferences) every so often to be sure someone didn’t log in to your account to create a filter that sends your email to someone else
A friend of mine suggested to me a while back that another good idea is to have your passwords stored in encrypted files — that way you are copying and pasting the password instead of actually entering it, which allows you to be safe from malware which monitors keystrokes.
I think a lot of people don’t realize how quickly computers can crack passwords. Many people have simple passwords such as dictionary words or dictionary words followed by a number — there’s only so many possibilities (e.g. most of the words in the dictionary are unlikely to be chosen for passwords, so it’s not like you have to try all the words) and if someone tries one combination after another (easier done than said), they will eventually crack your password if you keep it the same for long enough. There are free scripts people can download to automate the process, so someone could literally be trying to crack your password 24/7 provided the site doesn’t boot them off after a certain number of failed login attempts.
I always try to throw in random symbols such as #, @, etc. into my password whenever it is allowed to make it more difficult. Password generators are great to use so long as they don’t follow an easily determined algorithm, which is unfortunately difficult for us non-expert computer users to know.
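To put numbers on the two points in the comment above (the small search space of "dictionary word plus a number" and the need for a generator that is not predictable), here is an added example that is not part of the original post or its comments. The word list, its assumed size of 100,000 entries and the symbol set are constructed assumptions for illustration.

```python
import math
import re
import secrets
import string

# Constructed sample list; ASSUMED_WORDLIST_SIZE is an assumed size for a
# realistic list of common words and names, not a measured figure.
SAMPLE_WORDS = {"dragon", "sunshine", "monkey", "travel"}
ASSUMED_WORDLIST_SIZE = 100_000

ALPHABET = string.ascii_letters + string.digits + "#@!%&*?-_+="


def pattern_bits(password, words=SAMPLE_WORDS):
    """Return log2 of the candidates covering 'word + digits', or None.

    None means the password does not fit that pattern; it does not mean
    the password is strong.
    """
    m = re.fullmatch(r"([A-Za-z]+)(\d*)", password)
    if not m or m.group(1).lower() not in words:
        return None
    # Every word combined with every digit suffix of length 0..n.
    n = len(m.group(2))
    suffixes = sum(10 ** k for k in range(n + 1))
    return math.log2(ASSUMED_WORDLIST_SIZE * suffixes)


def random_bits(length, alphabet=ALPHABET):
    """Entropy of a password whose characters are drawn uniformly."""
    return length * math.log2(len(alphabet))


def generate_password(length=16, alphabet=ALPHABET):
    """Draw each character from the OS CSPRNG (secrets), never random.seed()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(f"monkey7: {pattern_bits('monkey7'):.1f} bits")
    print(f"16 random chars: {random_bits(16):.1f} bits")
    print(generate_password())
```

Under these assumptions a word followed by one digit is worth about 20 bits, while 16 uniformly random characters from this alphabet are worth about 99 bits.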
Good reminder. Once you change your password, remember it too, should be another tip. Just kidding.
That is a very good point of copying and pasting the password instead of keying in.
Also it’s a good idea to close all unwanted windows/tabs (especially unknown websites) when you are keying in your username & password.
1) Always, always, always connect to sites that use https, that is SSL digital certificates. This ensures that the data in the communication from your PC (or Mac or Cell phone, or PDA or Blackberry or whatever device you use) is encrypted, therefore much much harder to eavesdrop by any “man in the middle”.
2) If you have to log in to a mail server, also use cryptographic mechanisms, for both incoming and outgoing email. This applies to any mail protocol you may be using: SMTP, POP3, IMAP, etc. All of them support using SSL (and some other crypto schemes); ask your provider to implement them. I never connect to any of my servers unless it is an encrypted session; of course, we manage our own servers, which is a plus for us…
3) Never talk to anyone about your passwords, even if they request it by email, by phone, etc. If you can’t log in, it is better to wait than losing control of your accounts and data. In other words, don’t fall prey to “social engineering” techniques where you are talked into revealing your password or enough info that may help the crooks find out your password.
4) Lastly, always use common sense. Sad to say, it is the least common of senses! But indeed think about what you are about to do, where you are, and how you are connecting to the net when logging into your Internet services…
My 2 cents.
Kind regards from, Marrakech Morocco (this time),
normally kind regards from Mexico City.
It’s a good idea to change your email password before and then again after your travels. Lots of people use the same password for many accounts, hence the suggestion to change it before and after trips; that way you don’t have to change 10 other passwords too since you’re using the same one for many things. 🙂
And yes, getting your password on a wireless connection or hotel room internet connection is very easy if you’re not using a VPN or HTTPS even. Sorry to say that you need to assume someone is listening, to be sure.
Here’s a great secure password generator tool.
It’s also extremely important that your password have at least 3 characteristics; however, 4 if possible. Also, I like to use conventions for my passwords, so they are always different for each login, but reference something I can remember.
Another great secure password generator (desktop tool):