Password tips to save your account

Before getting to the tips for protecting your password, we must first understand the various ways in which one's account can be hacked.

There are SIX ways to hack one's account (to the best of my knowledge).

1) Keylogger
Keyloggers are programs that run in the background (starting automatically when you start Windows), log every key you press to a file, and periodically send that file to whoever created them, either by mail or FTP. So when you log in to your Messenger, mail or Orkut account, your username and password will be sent too.

These keyloggers can be installed on your computer through some other software. Someone may attach the keylogger to some other exe file and give you a link to that file. If you open or run that file, the keylogger gets installed on your computer automatically. The most popular way is to embed a keylogger in a screensaver: when you run or install the screensaver, the keylogger is installed on your system as well.

I am not sure there is any way to transfer the file/registry entry that stores your password to various sites (I mean saved passwords in your browser)... Someone clear this doubt of mine.

So always download files and software only from links posted on sites that you know well. Make sure the link is safe. You can run anti-virus software like Nod32 or anti-spyware software like Ad-Aware or Spybot to notify you of keyloggers that are running in the background and trying to log your keys.

2) Cookie stealing script:
When you log in to a site, the website stores some information about your login on your computer, in the form of a text file called a cookie. Every time you access the website, this cookie is sent to the website, which checks whether you have already visited. There are JavaScript scripts that can transfer the cookie to whoever created the script. People may ask you to try or run those scripts (copy and paste into the address bar and hit Enter), telling you that they will work magic: increase your scrap count, unlock an album, increase your friends count (Orkut) or some blah blah. Not all scripts are safe.

Anyone who has your cookies can log in to your account without having your username or password. Websites now use better mechanisms, such as verifying your password, before crucial changes are made to your profile. So although the problem a stolen cookie can create is smaller than before, it is still a problem for you.

Don't try scripts that you don't know much about.

3) Fake Login Pages
Fake login pages are pages that look similar to Orkut/Yahoo/Gmail but are created by someone else, and that claim you can access Orkut or other mail accounts through them. If you enter your login ID and password, they will be sent to whoever created the page, and you will also be directed to where you intended to go. Beware of this, and always check the URL in the address bar before entering your username or password. Sometimes when you click a link, it will log you out and open a page similar to Orkut or whatever, and ask you to log in. So beware of the URL in the address bar.

4) Hyper Links
Hyperlinks are something like this. When you move the mouse over the word "this", you can see a link in the status bar of your browser. That is where you will end up when you click that word. A word or even a link can be used as a hyperlink to another link, like this: www.learnfromeverymoment.blogspot.com

When you move your mouse over a link, the actual link is shown in the status bar. What you see is the URL of this blog, but the link may point to some other page. If you check the status bar, you will know where it leads. Always check that the link as posted and the link in the status bar are the same, and make sure neither is suspicious. The page you reach may steal your cookies or direct you to a fake login page. So before clicking any link, check the status bar for the actual link.

On some pages, JavaScript can be used to keep the link from being displayed in the status bar. A plugin for Firefox 3 can show you the page you will go to if you click the link. You can get the plugin from the official Firefox site.

5) Guessing Password
Have a password that can't be guessed. Don't have passwords like 123456 or abcdef or yourname123, or something like that. If possible, use a combination of numbers, letters, capital letters and special characters, so that others who know about you can't guess your password, or guess your answer to the SECRET question (which is used to recover your password), e.g. "Who is your favorite childhood hero?" Ans: Vijay. Anyone who knows you very well can know your birthday, PIN code, the answers to your secret questions, etc. So be careful with the password and the secret question you give while registering.

There is also software that can generate random passwords of the kind people commonly use, and can try many guesses at your account's password in a minute. However, websites are now bringing in a maximum of 3 guesses per session, or image verification, to prevent the use of this kind of software.

6) Tinyurl or someother short links
Tinyurl links are short forms of bigger links. The short link is mapped to the actual one, and the actual link it redirects to can't be found by looking at the status bar. Never ever click such a link unless you are damn sure that it is safe. These links may open a cookie-stealer page or a fake login page.

Another way is directly attacking your computer's ports. This is not an easy job and can only be done by experienced hackers. And they won't try this method for hacking silly accounts, lol. If you do not have a firewall, your ports can be easily attacked and they can have your entire computer under their control.

And here go the tips for you.
1) Have a password that you can remember well. Don't keep a password that others know about. When you keep a password related to you that others know about, like your nickname, it is easier to guess.

2) Have passwords with a combination of capital letters, numbers, special characters and small letters.

3) Don't keep the same password for a long time. Change it every 3 or 4 months. If you keep each one for only a very short time, you may confuse yourself.

4) Keep passwords of length at least 6 to 8. The bigger the password, the lesser the chance of guessing it.

5) Don't note your password down anywhere. It's better to keep it in mind. You can very well manage that with some memory power.

6) Having the same password for all the websites you register on has one advantage and one disadvantage. The advantage is that you can easily remember the password. The disadvantage is that if one account's password is known, all your accounts' passwords will be known.

7) In Firefox's saved passwords option, if you choose show passwords, all passwords will be visible. There is no security in that facility. So don't make your browser remember the password.

8) Have good anti-spyware and anti-virus software installed, to save yourself from keyloggers.

9) Don't click suspicious links, or log in with your account on any site other than the actual site where you need to go. (See fake login pages above.)

10) Don't give your password to your friends, even if they are very close to you.

11) When using netcafe centers to browse, don't check the "remember me" option while logging in.

12) Most hacking occurs on wireless networks. Use strong encryption keys, and change your modem admin username and password.
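The checks from "5) Guessing Password" and from tips 1, 2 and 4, put together as an added example (not part of the original post): it reports why a candidate password would be easy to guess for someone who knows you. The list of common passwords beyond the two named in the post, the run length of 4 and the default minimum length of 8 are assumptions of this example.

```python
import re

# Passwords the post names as guessable, plus two other widely used ones (assumed list).
COMMON = {"123456", "abcdef", "password", "qwerty"}
RUNS = ("0123456789", "abcdefghijklmnopqrstuvwxyz")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def has_run(text, length=4):
    """True if text contains `length` consecutive digits or letters, e.g. 1234 or abcd."""
    return any(run[i:i + length] in text
               for run in RUNS for i in range(len(run) - length + 1))

def weaknesses(password, personal_facts=(), min_length=8):
    """List the reasons a password is guessable; an empty list means none were found.

    personal_facts: strings people close to you know (name, nickname, birthday,
    PIN code, secret-question answers). min_length=8 is the upper end of the
    post's "6 to 8" figure.
    """
    lowered = password.lower()
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if lowered in COMMON:
        problems.append("commonly used")
    if has_run(lowered):
        problems.append("contains a run like 1234 or abcd")
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            problems.append("contains personal fact: " + fact)
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing a character class")
    return problems

# Constructed inputs: "Vijay" is the secret-question answer used in the post.
for pw in ("123456", "vijay123", "Tr4in!Lamp7"):
    print(pw, "->", weaknesses(pw, personal_facts=["Vijay"]) or "no weakness found")
```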

2 comments:

mastan said...

thanks a lot for the tips. they are very useful

lokesh said...

nice thanks
