Unique strong passwords
Unique
One of the basics of password security is using a unique password for every account. Several widely used services, such as Dropbox, Yahoo and LinkedIn, have been hacked. The leaked lists of usernames and passwords are being used and sold. Hackers use scripts to try each username and password combination on other platforms like Gmail, Hotmail, Facebook, … in the hope that the credentials can be used for sending spam, digital theft, credit card theft, …
You can check your mail address at https://haveibeenpwned.com/ to see if your mail address is in one of the leaked databases from previous hacks. When I check my own mail address I see that I’m the victim of 6 site breaches.
Strong
Use strong passwords!!! Don't use 123456, azerty, qwerty, ... but use a password generator to create a long password with capital letters, numbers and special signs. This is important for 2 reasons. Several sites allow a lot of login attempts, so hackers can try lists of commonly used passwords until they find a match.
It's also safer in case of a website breach. Most websites use hashing to protect their password databases, so in case of a breach the passwords are not stored in plain text. But everyone who uses 123456 has the same password hash, so hackers can filter on these and retrieve your password. They use rainbow tables for this.
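The effect described above, as an added example (not code from the original post): with a fast unsalted hash, every account that uses 123456 stores the same value, while a per-user random salt and a slow key-derivation function make identical passwords store differently. The account names, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data).
ACCOUNTS = {
    "alice": "123456",
    "bob": "123456",
    "carol": "T7#qLw9!vRz2$kXe",
}

def unsalted_record(password: str) -> str:
    """Weak scheme: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password: str, iterations: int = 100_000) -> dict:
    """Hardened scheme: per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])

def shared_hashes(table: dict) -> list:
    """Audit helper: groups of users whose stored hash is identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_tables():
    """Store the same accounts under both schemes for comparison."""
    weak = {u: unsalted_record(p) for u, p in ACCOUNTS.items()}
    records = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    strong = {u: r["hash"] for u, r in records.items()}
    return weak, strong, records

if __name__ == "__main__":
    weak, strong, records = build_tables()
    print("unsalted, users sharing a hash:", shared_hashes(weak))
    print("salted,   users sharing a hash:", shared_hashes(strong))
    print("alice can still log in:", verify("123456", records["alice"]))
```

Salting removes the shared hash, but a weak password remains guessable one account at a time, which is why the advice to pick a strong password still applies.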
I use the password generator built into KeePass to generate strong unique passwords.
Password manager
Use a password manager to store all your unique passwords. You only have to remember a master password to unlock your password manager database. I have personally used KeePass for years, but other popular free password managers are LastPass, Dashlane, 1Password, RoboForm, Sticky Password.
Very important when using a password manager is a backup of your password database!!! I sync my password db with versioning to my NAS and take an hourly backup with versioning to cloud storage. If your PC crashes, is infected with a cryptolocker virus or if you accidentally delete a folder, you risk losing all your passwords.
PC security
Patch your software
Even if you apply all the steps above, you are at risk if your PC is breached by a virus that installs a keylogger and records all your passwords.
- Always install the latest updates of your OS (Windows, Linux, Mac, ...).
- Keep your browser up to date with the latest version.
- Keep Java, Adobe Flash Player, Adobe Reader, Microsoft Office, ... up to date.
Anti-malware software
Install anti-malware software. I personally use Kaspersky anti-virus, but there are also several free suites on the market.
Behavior
- Don't open suspicious mails
- Don't visit suspicious sites
- Be careful with free software you find online and with cracks that let you use paid software for free
I hope these tips help to keep you and your accounts safe, fellow Steemians. It's not only the crypto exchanges that get hacked; stealing crypto is big business for malware makers.
Very informative post and quite scary to think! I am heading over to check if I have been breached right now!
Keep me updated :-) Don't forget these are only leaked databases collected as a hobby project by a security specialist. There are probably as many leaks that we are unaware of.
Turns out 5 websites I am part of have been pwned... ah well, was due a password change anyway!
Very scary stuff!
Excellent post. I personally use a random password generator for my accounts, and regularly change them, but there are some things I could do to protect myself a little better. Although this is not new information to someone like myself, it's nice to have a reminder every now and then to perform a self analysis of "how safe am I?" Thanks for this. I would love to see some light shed on how users confined to Android or iOS can fully protect themselves. I'm a Linux user through and through, and have no protection issues with sudo power, but I recently fried my CPU mining, so now I'm forced to perform 100 percent of my online computing on an Android tablet. This presents a host of difficulties and slowdowns for a power user, and having a minimal understanding of programming, I'm limited to what I'm able to understand and employ through an unrooted environment. If you've shed any light on this topic or plan to, your efforts will not go underappreciated. Thanks again.
That's a good one. I'm a power user in the Windows family (Windows, Windows Server, Microsoft SQL, ...) but not as familiar with Android.
For myself I try to apply the same behavior rules. Don't open suspicious mails, check the comments if you install an app from the app store, install the latest security updates if your manufacturer supplies any or consider a custom ROM if your device is not supported anymore, don't root your Android device and install a (free) anti-malware suite.
I usually practice all of these safety tips, but I must say, rooting is very tempting for sure. I have one rooted device that I tinker with at times, but the risk seems to outweigh the rewards.