For many of us, the computers and devices we use take on multiple roles, from personal use such as movies, Facebook and online banking to business use such as cataloging, bookkeeping and office management. These devices hold a plethora of our private information, and for those of us with broadband access they’re connected to the internet continually.
The most common attack ‘vectors’ (methods of infection) are spammed e-mails sent by criminals containing malicious links to websites that will attempt to gather your information (Phishing), drive-by-download web-surfing attacks, and ‘Worms’ and ‘Trojans’ that are bundled into other, more reputable software packages and install themselves during the installation of the primary program.
Keeping our systems safe and protected is paramount. We do not need to spend huge sums of money to do this properly, either: with 3 freely available programs and a password file we can secure our systems against most malware and account entry attacks.
The first thing to make sure you have enabled on your machine (if you’re a Windows user) is Windows Firewall. Windows Firewall sits between your computer’s internet connection and your data. It’s the first line of defence against intrusion into your computer. Sometimes certain applications will need slight modifications to Windows Firewall in order to function properly; software packages that need such modifications will usually say so in the documentation and/or installer.
Windows Firewall blocks ‘ports’ on your machine that are not used (explicitly marked as blocked) and keeps port scanners and other unauthorized software from accessing your machine externally.
The next software package we need is an Anti-Virus/Anti-Malware scanner. You can spend all sorts of money in this area, with products ranging from purchase-only ones such as Symantec Antivirus, Trend Housecall and Sophos Antivirus to free-to-download ones such as Microsoft Security Essentials and Lavasoft Ad-Aware.
Microsoft Security Essentials is a great product for Windows users; it provides real-time protection for your PC and helps guard against viruses, spyware and other malware. One thing I’ve noticed is that Microsoft Security Essentials doesn’t slow down a computer as much as other products such as Symantec; it’s very lightweight and for the price (FREE), you can’t beat it!
As a last line of defense, I always install Lavasoft Ad-Aware; it’s a great product and it’s also free. Recently Lavasoft released “Free Antivirus+”, which is its Antivirus offering. By combining both Ad-Aware and Antivirus+ you have a complete solution much like Microsoft Security Essentials.
After making sure your Windows Firewall is enabled and installing an Antivirus and Anti-Spyware software package, there is only one more thing we need to think about: protecting access to our data by using an encrypted password manager, such as LastPass or KeePass.
In this blog post, I will talk about KeePass, as it’s what I’ve used for years and there is a KeePass version for every major computer and mobile operating system. How many of us, unable to remember passwords, like to re-use the same password every time we sign on to a new service?
The trouble with using the same password everywhere is that whoever gets hold of your password gets access to your entire digital life. For many of the services we use on the internet we’re constantly required to make an account, be it for browsing a particular catalog, adding a comment to a blog or signing into a new social networking site. If someone breaches some obscure account that was made on a site with questionable back-end security practices, they could get your password and your e-mail address. If you’ve used the same password on every service, they can log into your e-mail, see what services you use, then log into those services, and so on and so forth. Good news for the criminal, but extremely bad news for us!
Here is where KeePass comes into play. KeePass is an encrypted password locker (and there are many out there, but KeePass is just awesome). A password locker (as the name implies) is a piece of software that is used to store all of your service and account passwords in a centralized and encrypted database file.
To get access to his or her passwords, an individual only has to remember one password: the password for the locker itself. Once entry has been gained to a password locker, all of the passwords, logins and notes for the services stored in it are available for use.
By using a password locker, you do not have to remember any passwords other than the one to the locker itself. KeePass and most other password lockers make it easy to generate passwords for new accounts and services, and the passwords they generate are typically very secure (and very long).
When a person wants to log into his or her e-mail account to check the mail, they would first open up their password locker, find the account they want access to, copy the password to the clipboard (CTRL-C), go to the login page and paste the password from the clipboard into the password field (CTRL-V).
Password lockers such as KeePass also empty the clipboard after 30 or so seconds, in order to make sure that your passwords aren’t kept in the clipboard. When we use a password locker in this fashion, we can use a unique, super-long, super-difficult-to-guess password for every one of our services.
Since the password locker itself stores everything in an encrypted file, we can put that file into a cloud service like Dropbox and then point all the KeePass clients on all our devices to access the file from the cloud-based Dropbox.
It’s quite important to remember that the password for the password locker itself must be long, hard to guess and easy to remember. An easy way to generate a long password is the ‘First letter of every word in a sentence, including punctuation, method’. For example, the password ‘Floewias,ip,m.’ is itself the ‘First letter of every word in a sentence, including punctuation, method.’ sentence turned into a password. Sentences taken from the characters in great movies such as Star Trek II: The Wrath of Khan are excellent candidates for password generation.
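The sentence method above, written out as an added example (not code from KeePass or from the original post). The tokenising rule for apostrophes and digits and the `password_profile` helper are assumptions made here so the result can be checked against the "long" requirement.

```python
import re

# One token is either a word (letters/digits, apostrophes allowed inside it)
# or a single non-space character such as a comma or full stop.
_TOKEN = re.compile(r"[^\W_]+(?:['’][^\W_]+)*|\S")


def sentence_to_password(sentence: str) -> str:
    """Keep the first character of every word and every punctuation mark."""
    return "".join(token[0] for token in _TOKEN.findall(sentence))


def password_profile(password: str) -> dict:
    """Summarise length and character classes (hypothetical helper)."""
    return {
        "length": len(password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "punctuation": any(not c.isalnum() for c in password),
    }


if __name__ == "__main__":
    # The sentence used in the post, plus one constructed sentence with a digit.
    for text in (
        "First letter of every word in a sentence, including punctuation, method.",
        "My 2 cats don't like Mondays!",
    ):
        pw = sentence_to_password(text)
        print(pw, password_profile(pw))
```

A short sentence gives a short password, so the profile's `length` is the value to watch when picking a sentence.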
Finally, there is one last thing you can use to thwart criminals from getting at your data. How many times have you signed up for a service which asks ‘What is your mother’s maiden name?’ as a security question? A whole host of services use this questionably silly method to allow you to reset your password by answering the question. The problem is that if you are using the same answer to the same question on multiple accounts, that in itself makes those accounts vulnerable if a criminal gets access to an account that used a weak password. They can read the answers to the questions and then use those answers to easily reset passwords for other accounts.
You can use a password locker to thwart these types of attacks by using fake answers. In KeePass you can record ‘notes’ for accounts; I like to keep my password-reset questions and answers as notes for the services under which they are registered. Simply make a silly, hard-to-guess fake answer, record those security questions plus the fake answers under the notes section for that account in KeePass, and you’re done. Use a different set of questions and fake answers for each account.
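A quick way to check your own entries for the two kinds of reuse described above, a shared password and a shared security answer, as an added example that is not part of the original post or of KeePass. The entry layout and the sample accounts are constructed, and normalising answers by case and surrounding spaces is an assumption about how reset forms compare them.

```python
from collections import defaultdict

# Constructed sample entries (not real credentials): account title, password,
# and the reset questions/answers kept as notes for that account.
ENTRIES = [
    {"title": "webmail", "password": "Tr0ub4dor&3",
     "answers": {"Mother's maiden name?": "Smith"}},
    {"title": "obscure-forum", "password": "Tr0ub4dor&3",
     "answers": {"Mother's maiden name?": "smith "}},
    {"title": "bank", "password": "k9#Vq2!mZx7@Lp4w",
     "answers": {"First pet?": "purple-toaster-42"}},
]


def _shared(pairs):
    """Return sorted groups of account titles that share the same value."""
    seen = defaultdict(set)
    for title, value in pairs:
        seen[value].add(title)
    return sorted(sorted(titles) for titles in seen.values() if len(titles) > 1)


def reused_passwords(entries):
    """Accounts that would all fall if one of them were breached."""
    return _shared((e["title"], e["password"]) for e in entries)


def reused_answers(entries):
    """Accounts whose reset answers match after normalisation."""
    # Assumption: reset forms often ignore case and surrounding spaces.
    return _shared(
        (e["title"], answer.strip().casefold())
        for e in entries
        for answer in e.get("answers", {}).values()
    )


if __name__ == "__main__":
    print("shared passwords:", reused_passwords(ENTRIES))
    print("shared answers:  ", reused_answers(ENTRIES))
```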
Also, remember to back up your KeePass password file to a thumb drive on a regular basis. If you use these methods and you lose access to your password file, you’re going to have a very difficult time getting access to your accounts (by design).
Stay safe out there!