Hanton: Are your passwords really secure?



Comic courtesy of xkcd.com

Rick Hanton

As you begin your semester at Iowa State, whether you are a new or an old student, one thing you probably don’t pay enough attention to is Internet security. I know that most people don’t understand computer security very well, and whenever you see a story about computer security in the news, you don’t look at much besides the cute picture of a masked hacker reaching out of the monitor to grab your wallet.

However, threats to your security online are real and worth worrying about. When you spend tens of hours a week using Facebook, Twitter, Google+ and other services like Foursquare or Reddit, the security of your personal information on those websites should be of paramount importance. This is especially true when using your laptop, smartphone or tablet on an unsecured network, like the campus Wi-Fi network.

Iowa State’s IT department should strive harder to educate students both about how to secure their computer from thieves and criminals and about how to stay safe on social networks. I helped out with a push a few years ago to educate students about the security and legal issues surrounding file-sharing networks, so why can’t ITS now strive to educate students about securing their computers and keeping their personal information private? Is that not just as important?

So while you might not have had reason to hunt down the “CyberSafe” page on the IT website before (which is quite good, I might add), here are five easy ways to keep your computer secure:

1. Update, update, update. Don’t postpone requested updates and if you can, update proactively.

Make sure automatic updates are turned on and note programs that you need to manually update from time to time.

2. Use an anti-virus monitoring program.

Iowa State provides free options for students. I like some free programs like Avast! Make sure the anti-virus is installed, turned on and is set to scan the hard drive on a periodic schedule.

3. Scan occasionally for malware programs.

Find a malware scanner and, after getting the latest updates for the scanner, use it every few weeks to check for malware left on your machine by websites and software.

4. Put yourself behind a firewall for protection.

A good firewall can be your first line of defense in blocking hackers from getting in and preventing malicious programs from phoning back home. Use the built-in Windows firewall or try a free program like Comodo Firewall or ZoneAlarm.

5. Don’t open suspicious web pages, e-mails or files.

If it looks fishy, don’t open it. If you already opened it, close it right away and run a virus scan. Easy!

Once you go online to sites like Facebook and Twitter, you put your trust in those companies and the security of their servers, but you can also help keep yourself safe from attackers by creating good passwords. You’ve probably heard that you should use lowercase letters, uppercase letters, numbers and symbols in your passwords. That’s all good, but did you also know that the length of a password is more important than the complexity? Passwords get exponentially more difficult to break the longer they are, so strive for 10 or more characters to be safe.

You also don’t want to have passwords that are words from the dictionary, passwords that are super-easy for you to remember or passwords that don’t change from site to site. Some of the most popular passwords (that you don’t want to use) include 123456, password, abc123, 123abc, monkey, and the name of the website you’re visiting. Make your password challenging. Try using a password created by combining the first letters of each word in an easy-to-remember phrase.
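The password advice in the two paragraphs above, worked through as an added Python illustration (not part of the original column). The function names and sample passwords are constructed for this example, and the bit count only measures resistance to blind brute force, not to dictionary guessing.

```python
import math
import string

# The popular passwords listed in the column.
COMMON = {"123456", "password", "abc123", "123abc", "monkey"}

def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def brute_force_bits(pw):
    """log2 of the candidate count: length * log2(alphabet size)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def phrase_to_password(phrase):
    """First character of each word in an easy-to-remember phrase."""
    return "".join(word[0] for word in phrase.split())

def check(pw, site_name="", min_length=10):
    """Apply the column's rules; an empty list means no problem was found."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("on the popular-password list")
    if site_name and pw.lower() == site_name.lower():
        problems.append("same as the website name")
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    return problems

if __name__ == "__main__":
    # Constructed samples: 8 characters from all four classes vs. 12 lowercase letters.
    for pw in ("Tr0ub4d&", "qzvhmtkwpbxr"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, problems: {check(pw)}")
    derived = phrase_to_password("My dog Rex was born in 2009 in Ames Iowa")
    print(f"{derived!r}: {brute_force_bits(derived):.1f} bits, problems: {check(derived)}")
```

The 12-letter lowercase sample scores about 56 bits against about 52 for the 8-character mixed one, which is the "length beats complexity" point in numbers.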

Another thing to remember when checking Facebook on campus is that unless the website you’re viewing is encrypting your communications to the site (you’ll notice a padlock in the browser or an address beginning with https), anyone around you with the right tools can read your password as you send it over the unsecured Wi-Fi network. That is why you should always use the slower, secure version of websites or use a password-protected Wi-Fi access point. An easy fix when you’re on campus is to use the Firefox HTTPS-Everywhere plugin, which forces you to use encrypted versions of websites when they exist.

Even if your Wi-Fi network has WPA encryption (don’t ever use WEP), with enough tools and time, an attacker can still get in. As computers get faster and hacking tools proliferate, it will only get easier for hackers to look at the data on your wireless network. One technically useful but scary tool, which just appeared at a hacker conference and is coming out soon, claims to help an attacker infiltrate networks at the push of a button using only an Android application. It’s a brave new world out there.

Lastly, I just wanted to remind you to beware of location-sharing services like Foursquare, Gowalla, Google Latitude or Facebook Places. You should be careful who can see your updates and make sure you trust them. If a malicious person could get your updates, they could potentially determine your routine, the location of your house and more just by following the GPS breadcrumbs you leave behind.

Be careful out there. The digital world is a great place as long as you remember to put on the right digital armor before heading out to share, create and play online.