Print
Discuss
Send to friend
RSS feedsIf you've ever lost, misplaced or forgotten the keys to your home, you'll know how much of an inconvenience it can be. The same can be said of the user names and passwords we are expected to remember in order to access computer-based services such as email accounts or online banking.
It's not just your internet accounts that are at risk. If your computer uses Windows XP, each member of your family may have different settings and a different place where they keep their own files.
How can you make sure that young, often computer-savvy, children do not get access to your private files? More significantly, how do you ensure fraudsters don't steal data that could help them defraud you?
This feature will examine the various ways in which you can keep your computer safe from prying eyes, as well as how you can protect your banking, online shopping and any other accounts you may have.
We'll also show you ways to make it easier to remember that ever-growing list of passwords, whether you're shopping or banking online, or simply trying to access your emails.
Choosing a user name and password to access websites, online services or even your own computer is becoming a part of everyday life. Keeping your user name private isn't a serious issue, but ensuring your password is kept secret is vital to your security.
The growing number of passwords we are expected to remember has led many people to use the same words for a number of accounts. Others, particularly inexperienced users, often choose passwords that are very easy to remember and consequently very easy to guess.
Favourite sporting teams, children's or pets' names are often chosen as passwords. There are still a frightening number of accounts and computers that simply have the word 'password' as their password.
As every parent knows, the best way to get a child to do something is to tell them not to. Combine this with movies that have made stealing information, or hacking, seem glamorous, and it shouldn't come as a shock to learn that there are many who try to guess their way into other people's secure accounts.
Such actions are immoral and in many cases illegal, but using obvious passwords (which makes a hacker's life easier) makes as much sense as leaving your house unlocked when you are away.
Guessing games
The starting point for protecting your information is to choose a safe password. Hackers will often use automated tools, known as password crackers, that try to guess your password by reeling off, at high-speed, every word in the dictionary. If you're using the word 'apples' as your password, it may not be long before your account is breached.
The best passwords involve characters that have been chosen completely at random. Password crackers will have a hard time guessing these, but the downside is that you will too. Your best option is to choose a password that is both easy to remember, and contains a mixture of upper and lower case characters, numerical digits, and if possible, special characters.
For example, 'paulEtte1979$tEvEn$' may seem like gibberish to a password cracker, but could be easily memorable to a person called Paulette Stevens who was born in 1979.
Most websites require case-sensitive passwords, so strategically inserting capital letters can add to your overall security. Using special characters, such as a dollar sign instead of the letter 's', makes it even more difficult for others to guess.
Choosing a strong password is only half the battle. Hackers have a number of other tricks up their sleeves to help them access your accounts. One of the most common techniques is social engineering: the art of persuading people to divulge information they aren't supposed to, simply by asking for it.
A survey on passwords carried out for the Infosecurity Europe trade show in London in April 2004 revealed some startling findings. Four out of five of those questioned happily handed over the user name and password for their work PC to those carrying out the research.
Even more surprising, those who did not reveal their passwords were willing to do so after being bribed with chocolate.
Fraudsters have been known to send emails to random addresses, posing as a bank or online shop ? a confidence trick known as 'phishing'. Users are asked to update or confirm their credit card numbers, passwords and other sensitive information, not knowing it will end up in the wrong hands.
The key thing to remember is that legitimate companies will never request information using this method. If you receive a phone call or email from someone asking for your personal information, the first thing you should do is contact the organisation to check that it definitely came from them.
Remember me?
Most of us use the same password for different services, but security experts recommend using unique login details for each individual account. Unfortunately, the need to use stronger (and more complicated) passwords means that remembering which password belongs to which account can be difficult.
Thankfully, help is at hand. Microsoft Internet Explorer, which most of us probably use as our web browser, has the ability to remember user names and passwords. Access the Internet Options box by selecting it from the Tools menu, then click on the 'Content' tab followed by 'Autocomplete'.
Clicking all the available checkboxes will give Internet Explorer permission to remember any details you type into a particular website.
Unfortunately, this raises several security issues. If anyone else has Feature Password protection access to your computer, such as a child or housemate, they can automatically be signed into password-protected sites without having to guess your password.
Setting up a Windows user account for each household member can prevent this from happening. In XP, this can be done by going to the Windows Control Panel (Start, Control Panel), and selecting 'User Accounts'. For users of pre-XP versions of Windows, the news is not so good. You can create a user account but there are no wizards to help you.
The accounts in earlier versions of Windows are intended only to keep your Desktop looking the way you like it, not to stop your passwords being shared. Once you have this security in place, there are a number of different methods you can use to make handling passwords even easier.
Microsoft Passport can be used to access several websites and services with a single user name and password, usually tied to the web-based email system Hotmail. The technology is now used in many Microsoft programs as a way of authenticating users, but is also being adopted by various other companies to ease the login process.
Websites such as eBay and Starbucks now allow you to automatically sign in using the same details used for accessing Hotmail, and Microsoft hopes more people will choose to use it. But the idea hasn't been taken up by enough websites to make Passport a general solution to the problem of multiple passwords.
A safe place
There are a number of products available that pick up where Passport leaves off. Password Manager XP costs about £14 from www.cp-lab.com and enables you to create a list of login entries for all your online accounts.
When you visit a website in the Password Manager XP database, the program will automatically fill in the correct password based on the user name you have entered. It also has the ability to generate a random string of characters that can be used as a password for any new services you sign up to. Thankfully, it automatically remembers which new password is linked to which site, so you won't have to.
The software is compact enough to be installed on a removable USB key. This allows you to use it on more than one computer, so if you regularly use more than one PC you can carry your secure settings and passwords between each.
Norton Password Manager (£25 from Symantec) is a similar product but offers additional features. As well as user names and passwords for specific websites, it allows you to save names, postal addresses and even credit card details.
On visiting a website that requires you to enter this information, the program asks whether you'd like it to fill in the appropriate fields automatically. This is an invaluable feature, particularly on sites that require you to enter a lot of information in order to access a service.
Trawling the web for car insurance quotes, for example, is made far easier if you don't have to enter the same information across different sites.
Creating a text document with a list of passwords is the least expensive method of keeping your passwords organised, but doing so is just as dangerous as keeping a credit card Pin on a slip of paper.
The programs mentioned above are both password-protected and use encryption techniques that scramble your data, making the information contained within unreadable to anyone but yourself.
It is possible to scramble your own list of passwords using programs such as Steganos Security Suite 6. This program creates a special folder where all your important files, including password lists, can be stored. Steganos uses fiendishly complicated mathematical equations to turn your data into gibberish.
When this folder is open, it behaves just like any standard disk drive. When closed, the drive becomes invisible, all files inside it are encrypted, and your data is kept safe. You may have heard that it is possible to 'crack' scrambled codes and, while we admit that this is true, the means to do so is far beyond the capabilities of the majority of hackers.
Besides, why should they invest in a supercomputer to crack your online banking password when someone else might happily hand it over when asked to by email?
Protect yourself
There are a number of ways to keep your sensitive data protected while easily managing user names and passwords. These solutions vary in approach and the number of features they can potentially provide, but it is important to remember that good security starts with you.
If you follow the good practice of never divulging personal identification information to anyone you don't know or trust, while taking precautions on multi-user PCs to avoid inadvertently sharing your details, you will dramatically reduce the chances of someone stealing your data and, ultimately, your identity.
Pin head
If you have taken a trip to your local Asda lately, you'll probably have noticed that retailers are now adopting the chip and Pin method of proving that you have the right to use the credit card in your hand.
If you have the misfortune of being forgetful, there are a number of ways you can use mobile technology to help remember things.
Perhaps the most basic method is to create a phonebook entry in your mobile phone, where the telephone number is a random series of digits with your Pin secreted inside it. The number 020 8132 9482 could contain the Pin 8132.
Provided you don't store the number under an obvious name such as 'my pin', this is a fairly reliable method of storing your Pin number.
More sophisticated techniques include using a handheld computer to store your sensitive data. These pint-sized computers allow you to keep records of more than just Pins, and can also use sophisticated encryption software to protect files.
Whatever method you choose, it is important to remember the implications of losing a mobile device. Your insurance claim for losing your credit card details could be threatened, as some banks could consider you negligent.
All the banks we spoke to said consumers should never store Pins or passwords anywhere. It's the safest way, but not much help these days.
Multiple passwords
While the traditional approach to user authentication has been for users to supply a user name and password, banks and other organisations are now using multiple security questions to verify customers.
Each question,such as 'what is your mother's maiden name?', isn't very secure in itself, but the method becomes more reliable when it combines a sequence of personal questions.
There are potentially negative aspects to this method of authenticating users. The more companies there are that use this approach, the more risk there is of your information being misused by unscrupulous organisations.
Banks tend to be fairly trustworthy when it comes to keeping your personal data safe, but if every Tom, Dick or Harry who fancied starting an internet business knew your private details, it could reduce the effectiveness of this type of question.
To their credit, banks do have measures to keep you protected. Barclays says that if you can prove you are the victim of fraud, it will reimburse your losses. Unfortunately, it is less likely to do so in situations where you are to blame for exposing your information.
Biometrics
We've all seen science fiction movies that use high-tech measures to identify users, but just how realistic are they?
Biometrics (the science of measuring unique physical characteristics) is already in use. The Identix BioTouch USB Fingerprint Reader can be plugged into a PC's USB port. It has a scanner that can recognise a person's fingerprint, and this method can be used as an alternative to traditional passwords.
If you want to take it a step further and emulate the Hollywood stars you could always get an iris scanner. The Panasonic DT120 biometric iris recognition 'Authenticam' is a multifunction camera that can identify you by recognising unique patterns in your iris, or function as a simple webcam.
All of this hi-tech security doesn't come cheap, however. You can expect to pay upwards of £300 for an iris scanner and around £130 for USB fingerprint recognition systems.
See also:
If you haven't already downloaded Windows XP Service Pack 2, it's about time you did. Here's our guide to making it as pain-free as possible 07 Sep 2004
We continue our round-up of 50 essential utilities to help keep your PC perfect. Why pay over the odds for utility software when you can get it for free? 03 Sep 2004Why pay over the odds for PC utility software when you can get it for free? We round up 50 essential utilities that can help keep your PC perfect 03 Sep 2004All Software Applications
del.icio.us
Digg this
reddit!
