The FIRST and most important rule I would
like to suggest is NEVER --- EVER enter a password from a link that arrives in
an e-Mail. Scammers set up bogus "phishing" sites that are expert counterfeits
of bank sites, and will appear to be genuine. This is the easiest way for a
scammer to get your passwords and access to your money. If you get an email that
APPEARS to be from
PayPal™ or from any
other financial institution asking you to "verify" or "update" your account
information, chances are it is an attempted scam. Do NOT reply to these emails,
or click any links in them. DELETE THEM IMMEDIATELY. I have posted a few dozen
examples of "phishing" e-mails on
http://starturl.com/zneda. If you have any concerns about your bank
then go DIRECTLY to their Web site from your browser's URL window and check the
status of the account. Any messages from the bank, et al. will be posted
in your message section when you log in to your account.
The NOT TO DO "Short List"
Never respond / click on links in
emails from banks or any financial institution.
Never go to a bank / payer account
from an e-mail link.
Why? Links in e-mails
often take you to a "replica" of a legitimate Web site, where the
information you enter goes directly to the crooks. Replying to these emails
confirms to the crooks that the email address is valid, and may allow the
more technically advanced of them to
"phish" your computer's IP address as
Never enter a password on a library
computer, or a computer in an "Internet Cafe'".
Why? Crooks can install
software on public PCs called "keyloggers" which store every keystroke in a
file. After you leave, the crooks can retrieve this file and see every
keystroke you made, giving them access to your password and log-in
information. You can avoid this by using a "Roboform 2 Go" security key (see
Your passwords should not be any word
that can be found in a dictionary.
Why? Some "hacking"
software uses the words in a dictionary in automated attempts to gain access
to your account. Although this may take some time due to limitations on how
many attempts can be made during a logged-in session, the software persists
until it exhausts all the words in the database, during which time you may
not be able to log in to your own account.
Your passwords should not be a pet's
name, or the name of a family member.
Why? Anybody who has
even casually met you can get access to your account.
Your password should NOT be your
mother's maiden name as some banks require.
sites and public records can be accessed by anyone. If your bank of
financial institution asks you for your mother's maiden name.... MAKE ONE
Your passwords should not be
birthdays, or dates of any sort.
Why? Anyone who
casually knows you or logs on to a genealogy site can get birthdays, etc.
Have different passwords for every
Why? The compromise of
ONE account will not affect the others. The problem of remembering a zillion different
passwords is addressed in the "DO" Short List, below.
Passwords should be at LEAST 8
characters long where possible on the site being accessed.
Why? Longer passwords
are exponentially more difficult to "hack".
Passwords should not make ANY sense -
except to you.
Why? If the password
makes sense to anyone except you, it should be changed.
Never write passwords down. If you
must, store them in your PDA under a master password that follows these
rules, or use a "Roboform 2 Go" USB key (see below).
Why? Writing passwords
down defeats their purpose.
Make your passwords case-sensitive
whenever possible; i.e.: dbx7Gh5Rs2
passwords - especially when they include mixed letters and numbers - are orders of magnitude
harder to "hack" and impossible to "guess" - especially if they don't make
The DO "Short List"
Change your passwords often. If you
find all these different passwords difficult to remember, then the next
suggestion is the solution for you.
Why? Trying to "hack" a
changing password is like trying to hit a moving target - it is much more
If you buy or sell on eBay, or do ANY
purchases online you should get a
with a security key.
Why? The security key
adds another layer of protection, however, even this is not foolproof if
you're not careful.
Read my article on
To keep passwords OFF your computer,
and to safely be able to use other PCs (even library and Internet Cafe PCs)
get a copy of "Roboform 2 Go" See:
http://www.roboform.com/pass2go.html This program stores your passwords
(so you don't have to remember them, and you therefore can make them as long
and as complicated and as totally nonsensical as you wish) on a standard USB drive (if you don't have
you can get a USB drive here). With this program, you will have access
to all your password / log-in information, and it is
D.E.S.-encrypted on the USB
drive. When you remove the USB drive from the computer, the program unloads
itself, and there is no trace of the passwords left on the computer. See the Roboform Web
site for other security products as well. I personally use one, and it is
very convenient and safe.
Why? The small
investment you will make in a USB drive and the software to load onto it, is
a ONE time investment that easily protects your security while also solving
the problem of remembering every password for every account you have.