In 2016 all our information is online, whether it is within social networks, in the cloud, or in places we were not aware that they are available to others as well. The following guide will explain how to make sure your sensitive details are properly secured
In 1996 we foresaw the future that in 20 years from us as a future where there are more machines than people. Proponents of the conspiracy even viewed these days as the black days when the machines would take command of the world and run us and not the other way around. Well, the future is a little different and less scary, but justice is in principle - technology has not only contributed but also the affinity.
As a reporter on the Computers and Technology website, needless to say I have all the love for technology and its advancement. But I think it is very worthwhile to get to know this technology and the dimensions to which it is evolving, because it will not always be there for our benefit. This guide talks about the subject she touches and bites quite a bit - our personal lives.
With the appearance of clouds (which are just a new word for what was formerly known as remote servers), every self-respecting site, all Network Social and all application Keeping our information on its servers - our photos, our conversations and at the end of the day - everything. Let's start with the fact that this is an unchangeable fact, but it should all be accessible and visible only to us and those we trust, and that's the point of this guide.
While we accept the fact that our information today is maintained on remote servers, it is important that we protect ourselves against invasion of privacy and external breaches by hostile elements. After an unpleasant experience a few weeks ago I was almost a victim, and quite a few times in the past, after very thorough research, I am happy to bring you a guide that will give you all the ways to defend against any attack, intrusion or unintentional exposure, Sure - you.
For your convenience, the guide will detail and explain each paragraph, but at the end it will contain clear conclusions from the explanation in the paragraph, which must be made in order to remain safe.
Passwords - How does it work?
Remember the days when we said, and we were right "no one knows my password, I'm totally sure"? Well, those days are long gone. This is a fact: today, any hacker can put his hand on our password. Although he will not do so directly through Facebook, or one of the services of Google, But if you have a database with our password, or if you choose to hack an account we opened on a site that does not block Brute Force attacks - with enough time and will, it will get it.
How did this happen, you ask? The beloved hardware we deal with has evolved immeasurably, giving hackers unprecedented processing power. This is how it works - when we enter our password while registering on a particular site, it is stored in the database when it is unilaterally encrypted - that is, an encrypted password will not be able to turn back into readable text. The way the site is able to verify our password, is to encrypt the password again after we have entered it in the login form, and compare to the one that exists in the database.
- Today it is not enough to make do with a slogan that no one knows. The emphasis is on a strong and unique password and complementary layers of protection, as detailed below.
It's easy to guess our password
The fact that a password can not be directly encrypted does not bite into the wet dream of hackers And invented the Brute Force method: a method in which they run a code snippet that creates a combination of all the possible characters, including special characters, until they are compared to the encrypted password they are trying to crack, and is revealed as readable text. Thus, an action is done that turns the password back into text by a large number of guesses.
True, the number of combinations for a password of several characters may be large, but let's go into proportions: even before 10 years ago, it was revealed that a computer with an average processor and an 8800GTX video card that helps calculation functions can also calculate 100 million combinations per second. Needless to say, today processors, graphics cards and their systems are able to offer more power than that.
About three years ago, the hacker's computer system was revealed, which contains about 25 video cards of the type Radeon HD7970 capable of making about 350 billion guesses per second. Therefore, it is easy for hackers to guess passwords, and there are even ready-made databases on the Internet and "calculators" of their kind that turn into easily encrypted passwords in seconds.
- Even average and even weak computers today can guess our password if it is easy enough.
So how do you choose a strong password?
So far we have seen the "horror scenario". So what do you actually do? It is important to understand that, no matter what, dual or quad-core computers like the one shown above have limits, and as the number of characters in our password grows, minutes, hours, days and even weeks and months are added to a potential guessing process. .
The number of characters in the password is very important, but what really makes the difference and can even undo the first is what is in the password. For example, we'll take a password of 10 characters from a number, say, our phone number. The number of combinations for a password made from numbers is so small that even the same calculators on the Web can guess them - and this applies to passwords that contain only ordinary words, and even both.
If so, a relatively protected password will be one that consists of a large number of characters (above 8 minimum and more preferably), containing both a combination of numbers and words. The perfect password will also contain special characters such as% & ^ # $, * @, and one or more capital letters. It does not have to be complicated. Suppose my favorite movie is The Avengers, and my phone number is 0501974212. This is how I will combine it into a perfect password that is easy to remember: [email protected]&.
The demo above using a phone number is hypothetical only, of course not using a phone number or anything else recognized as a password. Why? Because if you combine them with letters and large letters, computers will take years to guess them. But a person who knows your phone number and favorite movie, for example, can easily guess it.
- Do not select any password containing a number related to you: phone number, birth date, identity card and even the code for the office door.
- Letters and numbers (especially literature) alone are weak. The secret is to combine them together.
- The password must be long enough. In this case too, size determines.
- For the rest Security, You may want to combine upper and lower case letters, numbers, and special keyboard symbols.
Unsecured sites will knock you down
Even if we have a strong and powerful password, we can still find our Facebook account or Google one day. Our Achilles heel, in this case, will use the same password, and in one of the cases it registered with it to the most insecure Holly site there is.
Not all sites contain the standards for password and account security. While Facebook, Google, PayPal, and the like contain a mechanism that blocks the user or locks the victim's account in order to protect it if there are too many attempts to guess the password, other sites do not. In fact, some of the biggest Israeli sites do not even bother to encrypt their passwords!
The fall of your password into the hands of a hacker through one of these sites is possible, usually by publicly exposing the database containing names, emails and passwords of public users, so hackers can get your permanent password to many places and use it and your hacked accounts freely.
The solution is simple, of course. We can not fix the security holes on all sites, so we should assume that most of the sites we use do not contain Security Strong enough, and not use the same password anywhere. With different slogans for different places we will be protected in most places even if one of our slogans falls into bad hands.
- Always use a different password for each site.
Phishing: Just give your password
This is not a trick of some kind of brain control, but a successful attempt to deceive you. Using the phishing method, by entering certain "disguised" pages into familiar pages, you can simply enter your username and password yourself, and they will go straight into the wrong hands.
This method is perhaps the most common today, and many fall in it. For example, let's say you go to a page that looks like part of Facebook to the last detail, and it asks us for your username and password. At a glance - it seems perfectly reasonable, the cocaine must have expired. But looking at the URL above will show an address that is completely different from פייסבוק. There are those who use domains similar to those of large sites for these pages, with a small and common typing error, for example "youtubw" "facebok", which in such a quick action will easily overthrow the user.
Phishing is expressed in other forms of social engineering, but the principle is the same: to give your own details by wrong actions. Another method may be to intentionally download files that contain KeyLogger tracking software (usually the password that is entered into the form to the software owner) - often false software or even an innocent act by a trusted person trying to access your account.
- Always pay attention to the URL in the browser's address bar when entering your password, and pay attention to the files you download or receive.
The solution would kill any hacking attempt
We kept the good to the end. There is another solution that is more effective than any of the methods listed above. I will go so far as to say that he can even replace all of them (but I definitely recommend following all the steps). Of course, it has a small catch: not all websites support it, and it may be inconvenient for some users.
Large sites and applications with first-class security, such as Facebook, Google, PayPal, Sets and the like - use a layer Security Besides your password: your phone - a device that is with you most of the time physically and gives you full control over what is happening. When you log in from a new browser or other unrecognized computer, you will receive an SMS with a variable code, which you will need to tap on your Facebook login in order to login.
Therefore, no matter what, unless your phone physically falls into the hands of another person, any hacking attempt will be easily blocked by your phone, as the most advanced hacker does not have access to your phone (unless you have given your password or received it A tracking file from that person in an act of phishing, as detailed in the previous paragraph).
My opinion is that this is a layer Security Great and deserves everyone to secure their accounts with her. It is true that it involves some inconvenience of dependence on the phone - but today it is with us all the time, and the code arrives immediately. I will mention again that this is a connection from new places only for the first time, so you will hardly be asked to do this process.
- Phone authentication is the strongest security solution available. This ensures that only you log into your account.
Privacy and clouds
If you followed the guide well, you probably already understood that the bottom line, implicitly, is that the danger stems from the fact that all of our information is stored online. The cloud services that have entered the acceleration in recent years are indeed a welcome technology that helps us access our data from anywhere, unlike when ever all the information was stored on one device. But the fact that our information is floating somewhere in the clouds requires Security.
Pay attention to the cloud services. You do not always need them - but they work with an operating system installation, whether it's OneDrive in Windows 10, whether it's syncing with GoogleDrive \ account Google Android or iCloud devices Dark. By default, they actually synchronize your information from your device, and even import information from other devices, and not always be the device you want. So if you do not need to back up and sync to the cloud, be sure to turn off settings Privacy Needless.
An additional hazard in privacy is location services. On any mobile device, location services are designed to connect us to useful services such as day-to-day GPS services. but Apps Many such as פייסבוק Use this setting, as long as it is on, to publicize your current location. On Facebook, for example, in privacy notices and statuses.
It can even browse beyond those linked to you in these apps. About a year ago, a malicious "service" was revealed called "Marauder's Map", a reference to the name of the map from the Harry Potter book series that allows you to track any movement in the area - and just like a reference, all you have to do is enter a person's Facebook name. Any recent action on Facebook (such as sending a chat message, for example). The service is currently closed, but many like it may pop up again.
Be sure to enable your location services only to applications that need it, such as Apps GPS, Weather, and so on. In general, we recommend turning off location services when they are not needed, as they not only save the battery but also "hide" our location in any situation.
- Monitor the cloud services and their activities. Always check your sync and privacy settings on each device
- Notice which Apps Use your location services and how. Turn off location settings when not needed.
In 2016 it is difficult to remain anonymous and secure. Right? partially. This is true if you are a "small head". If you do not pay attention to links, some settings, use the same weak passwords everywhere and share information easily, more explain that you become a victim - the same people that happens to them like a thunderstorm and wonder how and why, and there are many today.
If you are careful, you may find that in 2016 there are many more tools to defend yourself than in 2006. If you learn to follow all the rules and points in the guide, and at the same time understand in depth how loopholes occur today, you will know where to properly seal doors.
Of course there are many more kinds of burglaries, they will always be and they will even develop. But what are the main points, and between all this one thing should not change - and that's your caution.