General Security Tips: Passwords


As a company that prides itself on security, we realize that the internet can be a very dangerous place if one is not prepared. This is becoming more and more apparent with the constant bombardment of reports about servers being hacked and personal information stolen. We wanted to dedicate a series of blog posts to general security tips to keep you safer on the world wide web. As our initial blog entry, we are going to talk about the password. If you have any tips of your own, comment below or tweet us @Send_Anywhere.

1. Do Not Use the Same Password for Any Two Accounts

There has been a rampant increase in hackers stealing passwords and selling them for Bitcoins. In major hacks in which passwords (see: Dropbox) or images (see: Snapchat) are stolen, hackers usually target smaller third-party applications, because these are usually run by amateur programmers who don’t have the security precautions in place that a major company would. These hackers know that people never change their usernames or passwords, so once they’ve hacked the third-party app, they’ve got free rein over the internet. For instance, the Snapchat hack occurred when a third-party application that stored Snapchat’s images misconfigured an Apache server, which opened the door for hackers. The resulting fallout was 1/2 TB of data stolen almost instantaneously. The fallout from the recent Dropbox hack? Allegedly 7 million stolen passwords, although this number is disputed.

Recommendation: Never reuse the same password or similar passwords (e.g. “supernicepassword1” and “supernicepassword2”).

2. Make Your Passwords Complex

We cannot stress enough how important it is to make your passwords unique and complex. The more characters the better. We understand that managing all of these passwords can be burdensome, which is why we recommend applications such as Dashlane and 1Password. These free applications allow you to generate random passwords and securely store them so that you never have to remember that crazy 30-character password you created for your Gmail account.

Recommendation: Use applications such as Dashlane and 1Password for all your password needs.
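The first two recommendations can be checked mechanically. The Python below is an added example, not code from Send Anywhere, Dashlane or 1Password: it audits a locally held list of account passwords for identical and near-identical entries, and generates a random 30-character replacement. The names `SAMPLE_VAULT`, `skeleton`, `audit` and `new_password`, the sample passwords and the 0.85 similarity threshold are all assumptions made for illustration.

```python
import re
import secrets
import string
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample data: account name -> password, as exported locally.
SAMPLE_VAULT = {
    "email": "supernicepassword1",
    "storage": "supernicepassword2",
    "photos": "supernicepassword1",
    "forum": "Supern1cepassword!",
    "bank": "q7#Vt2!mZr9@Lx4&",
}

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def skeleton(password):
    """Lowercase and drop leading/trailing digits and symbols."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())


def audit(vault, threshold=0.85):
    """Return (account_a, account_b, reason) for every risky pair."""
    findings = []
    for (a, pa), (b, pb) in combinations(sorted(vault.items()), 2):
        if pa == pb:
            findings.append((a, b, "identical"))
        elif skeleton(pa) and skeleton(pa) == skeleton(pb):
            findings.append((a, b, "same base word"))
        elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= threshold:
            findings.append((a, b, "similar"))
    return findings


def new_password(length=30):
    """Random replacement drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for a, b, reason in audit(SAMPLE_VAULT):
        print(f"{a} / {b}: {reason}")
    print("replacement:", new_password())
```

Every account that appears in a finding should get its own freshly generated password; the one unrelated random entry in the sample produces no findings.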

3. Two-Factor Authentication

More and more websites, especially email clients, are giving end users the option to perform two-factor authentication when they sign on to their accounts. This usually involves the end user’s phone being sent a text message with a six-digit code to input into the website to prove the correct person is logging onto the account. Many people view this as unnecessary, but it could prove very helpful if your account information were ever leaked on the web.

Recommendation: Always use two-factor authentication.

Check in tomorrow when we discuss websites and the hidden traps that may lie within them.