7 Things You Should Know About Online Passwords

As online technology has advanced, so have hackers techniques for getting into your accounts and stealing personal information. Hackers break into computers 2,244 times each day by figuring out weak usernames or passwords, according to University of Maryland data. If you’re still using the same password you made up when you opened your first email account, you are setting yourself up to be a hacking victim. But don’t worry; read on and learn how to set those Internet geniuses-gone-wrong up for failure by knowing the essentials about online passwords.

1.You need different passwords for each site

Since passwords are so hard to remember and you sometimes don’t sign into a site for months, many people have one or two passwords they use for everything. This is an easy way for hackers to get access to your accounts. Hackers will infiltrate sites that aren’t very secure and uncover the passwords used there. Then they run them on all the most popular sites; if you use the same password across the board, they can easily access several of your accounts. By using a different one for each site you log into, you’re not handing them your life if they figure out one password.

2.Longer passwords are harder to hack

It obviously takes less time to type in a five-character password than a 15-character one, but that also means it will take less time for an Internet burglar to figure out. Most of us probably don’t have the interest or the determination to break into someone’s account, so it’s hard to imagine going through enough combinations to find out a five-letter password. Hackers have advanced programs, though, that allow their computers to go through hundreds of possibilities every minute. Each letter, number, or symbol you add to your passwords multiplies the time it takes to figure it out, hopefully frustrating the hacker enough that he gives up. A six-letter password that’s all lower-case takes 10 minutes to hack while an eight-letter one takes four days.

3.You shouldn’t use a word from the dictionary

A dictionary attack sounds like something an overworked English teacher would do, but it’s actually a method of hacking passwords. Many hackers use automated password-guessers that go through the words in the dictionary to try to crack yours. If you’ve used any common words, there’s a good chance that a person equipped with the right tools will be able to break into your account very quickly. By combining two or three dictionary words, you increase the amount of time it will take to guess it exponentially. By adding symbols and numbers in the middle of words, you protect yourself almost completely from a dictionary attack.

4.Humans tend to choose passwords with personal meanings

Because we as humans are so forgetful, our first instinct when choosing a password is to think of words that mean something to us personally. This makes our choices very predictable to hackers. Pet names, favorite sports teams, birthdays, and other personal bits of information are some of the most commonly used passwords, so if anyone knows even a little bit about you (or can find it on Facebook), you could be in trouble. Stay away from using your own name, names of people in your family, or any memorable dates. It should go without saying that you shouldn’t be using “123456″ or “qwerty.”

5.Passwords need to be changed regularly

Some offices and organizations require you to change your password every 90 or 180 days, and while it seems like a hassle, it’s actually a smart practice to do with all your accounts. This is especially important to do with online banking sites or shopping sites where your credit card information might be stored. It’s also necessary if you access any accounts on public or shared computers because your password may be stored without you knowing it and some hackers use programs that record your keystrokes. By regularly changing your password to something completely different, you lower the risk of any major damage being done if someone did manage to hack your account.

6.There are guidelines for creating strong ones

Now that you know you shouldn’t use common words or your dog’s name to access your online accounts, you might wonder what you should use instead. Most Internet security experts recommend having a password that’s at least 8 characters long with a mix of capitalized and lower-case letters, numbers, and symbols. A common technique for avoiding easily guessed words is to put three unrelated words together and make up a short story that involves all three so you can remember it. You can also use the first letter of each word in your favorite line of a song or movie. Change out a couple letters for numbers or special characters, and your password should be too much trouble for a hacker to figure out.

7.Password managers can help you keep track of them all

Once you’ve updated all your passwords to long strings of letters and digits, you’re probably going to forget one along the way. Security experts say it’s a bad idea to write down a list of all your passwords and leave it on or near your computer because someone could easily steal it. The smartest alternative is to use a trusted password manager, which can be web-based technology, software you put on your computer, or a portable device. Password managers keep track of your various passwords and often protect against keystroke recording programs and look-alike sites that hackers use.

source:
Background Check

I recommend EHN Magazine "Password is 123456" to know more about the Passwords risks and Security tips .
.

Could Your Bad Password Habits Come Back To Haunt You?

According to Business Insider, the CEO of a major social network used its trusted database of user passwords in order to hack into one of its user’s email accounts. The hack was based on the guess that this user probably accessed all of their accounts using the same password.

Although the cloud has provided us with some amazing new tools, it’s also created the need for increased end-user education and policy enforcement.

Yes, it’s true that nearly all cloud providers act ethically. They invest heavily in security as a means of protecting their reputations. But also, there are laws which strictly dictate how they must handle and protect their client data.

In fact, most data leaks and privacy breaches are the result of “insider jobs” by people who had physical access to the victim’s computer or storage media. (It would be much easier for me to steal your laptop from your home, than for me to break into Google’s datacenter and steal the hard drive that stores your Gmail content).  But it only takes one bad apple or one security leak to put your password into the wrong hands. And once that happens, then all of the other accounts which depend on this password will be compromised.

There are a number of ways that you can protect yourself from the possibility of having your password stolen in this manner.

One simple way would be to make use of sites which feature single sign-on (such as OpenID), or where a single login would let you access multiple services (like your Google account). There are also a number of specialized apps which let you manage multiple online accounts from a single interface.This has the advantage that your credentials are only stored in a single central repository. (Every time you make a copy of a password, the chances of a data breach go up).  Of course, this still leaves you open to a breach in the event that someone steals your password, but at least it makes such breaches more difficult. Also, such a breach might leave suspicious activity patterns that could get flagged and blocked. (ex: Many SaaS providers can block or flag access coming in from a anonymizing proxy)

The ideal scenario would be to have some sort of multi-factor authentication that requires access from a specified IP address. At the moment, only a few SaaS apps offer this ability.

If you choose to aggregate your credentials in this manner, you should only do so for low-priority online services. Any services that require the handling of sensitive information should have their own dedicated unique highly-random passwords.

Another method for managing multiple accounts using a single set of credentials would be to use a single password which is scrambled using a hint that is unique to the account in question. For example, a user whose password is “pUpp1e5” could combine this password with the web site name and create an MD5 hash where the first 10 characters would be the new password.  So the password+site string “pUpp1e5 salesforce.com” might hash to “50f49dd6f3f838fb74ca1b7de5898c48”. And the new password would be 50f49dd6f3.
But the absolute best way to prevent you passwords from being used against you would be to generate and memorize completely random passwords for every account you open. Although this takes a bit of discipline, it’s not as hard as it sounds.

Many people will rely on mnemonic systems which turn these passwords into easy-to-visualize sentences.
For example:
“Y!14gtP” could be turned into “Yolanda surprised 14 green turtles named Peter”
Although these mnemonic systems are ok for short-term memorization, I’ve found that their effectiveness is overrated. For a number of reasons - which would take too long to go into for this article – I find that there’s no substitute for good old-fashioned memorization through repetition.

Here is a technique that works for me.

• Step 1: Generate a random password and memorize it mnemonically or write it down somewhere safe. (Maybe an encrypted file)
• Step 2: Log in and out 5 times in a row to build muscle memory.
• Step 3: The next day, log in and out again 5 times using the new password.
• Step 4: One week later, log in and out again 5 times using the new password.

You can now go ahead and destroy the written or saved copy of the password. By this point, you should have the password memorized for life. (Or until you’re ready to change it again)
Now that we’re living in the “cloud age”, users need to be more aggressive than ever when it comes to maintaining effective password management habits.

About The Author:
For over ten years, Storagepipe has been providing online server backup services that help companies maintain the safety, security and confidentiality of their private data.

TrueCrypt ~ Protect your files/folders with Encrypted Passwords

Do you store your accounts id ,password or any other confidential info in plain text?  If you say yes, You must read this article.

Risks of Storing confidential data in Plain Text:

1.  Your friends or any other who has access to your pc are able to view your confidential data.  Because it is in  simple text.
2. Malwares/spywares are able to send the data file from your pc to Attackers system.  This time your data are really in risk.
3. If you have any confidential files(Eg: important company projects) without passwords , others may get access to your pc and steal the information.

So Here i am going to introduce a new Security Tools known as TrueCrypt(Best and my favorite tool).

What is TrueCrypt?

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc)

More info about TrueCrypt:

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations).

Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM.

Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt.

Let's suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).

Main Features:

• Creates a virtual encrypted disk within a file and mounts it as a real disk.
• Encrypts an entire partition or storage device such as USB flash drive or hard drive.
• Encrypts a partition or drive where Windows is installed (pre-boot authentication).
• Encryption is automatic, real-time (on-the-fly) and transparent.
• Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
• Encryption can be hardware-accelerated on modern processors.
• Provides plausible deniability, in case an adversary forces you to reveal the password:  Hidden volume (steganography) and hidden operating system. 

How to Protect Microsoft 2003 documents using password?

Sometime we need to protect our Microsoft document like word,powerpoint.  It may have  confidential data.
 ,so we have to protect using password.  In this article will guide you to create the password protected document.

Open the Microsoft document or create New Microsoft document(whatever word,powerpoint...)
Select  the save or save as from File Menu