Six ways to safer computing

I got an email today from a Yahoo user; it had no subject and contained only a link to a website. The website claims to sell pharma products, but looking more deeply into the page, it appeared to try to do a lot more. There was a lot of JavaScript getting loaded and it wasn't clear what it was about to do.

At some point, the password for the sender's Yahoo account was compromised.   Although the horse is out of the barn, it's still worth securing the building.

Here are six suggestions to lock the barn:

1)  NEVER EVER login to ANYTHING from a public computer.  You should assume the computer is full of malware and  keyloggers.  Resist the temptation to "just check my mail for a sec."

2)  If you use your computer on a public wifi hotspot, only login to websites that start with HTTPS, not HTTP.  HTTPS traffic is encrypted. HTTP is not. Anyone using the hotspot can record all network traffic. There are programs that output Excel spreadsheets of sites, user IDs, and passwords.  This does not require a sophisticated hacker.

3)  If you read mail in Outlook, Thunderbird, or some other program and you use your computer in a public hotspot, do not read mail unless your mail provider supports encrypted connections. The connection types should be POP3S, IMAPS or there should be a "use SSL" checkbox in the configuration. Check with your provider if you're not sure.

4)  Use a hard-to-guess password.  Your name is not a good password. What's your favorite line in a movie? I like Citizen Kane and one great line is "I think it would be fun to run a newspaper."  So, for a password, I could use "ITiwbF2ran".  On the piece of paper I carry around to remind me of passwords, I'd have "email psw:  Charles Foster Kane". That will help me, but won't help anyone else.

5)  If you must use Windows, use it safely.  Use Internet Explorer 9 or Firefox as your web browser.  Install a good antivirus. (I like NOD32 from ESET.)

6)  Use different passwords for different services.  Your mail password should be different from your bank password, which should be different from your voicemail PIN, etc.  If you use the same password across systems, everything is only as secure as the weakest one. Do you really know who's running every system to which you login?
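As an added example (not the author's code), here is a short Python script that turns the passphrase trick from item 4 into a function and applies the checks behind items 4 and 6 to a constructed set of accounts. The choice of which words to capitalize and the number-word substitutions beyond "to" are this example's own assumptions, as is the sample data.

```python
import re
from collections import defaultdict

# Number-word substitutions (assumption: the post only shows "to" -> "2";
# the other entries are this example's own choice).
NUMBER_WORDS = {"to": "2", "too": "2", "two": "2", "for": "4", "four": "4",
                "one": "1", "won": "1", "ate": "8", "eight": "8"}


def mnemonic_password(phrase: str, capitalize=()) -> str:
    """Build a password from the first letter of each word of a memorable line.

    capitalize: 0-based word positions whose letter is upper-cased.  The post's
    own example capitalizes "think" and "fun", i.e. positions 1 and 5.
    """
    out = []
    for i, word in enumerate(re.findall(r"[A-Za-z']+", phrase)):
        w = word.lower().strip("'")
        if w in NUMBER_WORDS:
            out.append(NUMBER_WORDS[w])
        else:
            ch = word[0]
            out.append(ch.upper() if i in capitalize else ch)
    return "".join(out)


def find_reuse(accounts: dict) -> list:
    """Groups of services that share one password (item 6 on the page)."""
    by_password = defaultdict(list)
    for service, password in accounts.items():
        by_password[password].append(service)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)


def weak_passwords(accounts: dict, name: str) -> list:
    """Services whose password is short or built from the owner's name (item 4)."""
    return sorted(s for s, p in accounts.items()
                  if len(p) < 8 or name.lower() in p.lower())


# Constructed sample data for a hypothetical person; not real credentials.
NAME = "Charles"
BEFORE = {"email": "charles1", "bank": "charles1",
          "survey-site": "charles1", "voicemail": "1234"}
AFTER = {
    "email": mnemonic_password("I think it would be fun to run a newspaper", {1, 5}),
    "bank": mnemonic_password("There's no place like home, said Dorothy three times"),
    "survey-site": mnemonic_password("Frankly my dear I don't give a damn"),
}

if __name__ == "__main__":
    print("reused before:", find_reuse(BEFORE), "weak before:", weak_passwords(BEFORE, NAME))
    print("reused after:", find_reuse(AFTER), "weak after:", weak_passwords(AFTER, NAME))
```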

Making it easy for the bad guys

Seventy-five percent of all users use the same password for email and social network sites, according to a story in Security Week magazine, citing a study by BitDefender.  Want to bet a good number also use the same password for their bank accounts, credit cards, Starbucks card, and every other web site?

We all probably trust the security of our bank, but what about that website where you had to register, then take a survey to get a chance to win an iPod? Who's running that site?  Did they ask you to pick a user ID, enter your email, and select a password?  And did you use your "usual" ones?

When you say it out loud, does it seem like a good idea?