Protecting Your Online Privacy Part 2

Welcome to part two of my personal battle against pesky password thieves. Don't be the one that becomes their next victim! Last week I explained briefly the danger of password hacking of web sites such as Amazon and Paypal. Nobody wants to have to remember multiple passwords, so they reuse their Paypal and Amazon passwords for other web sites such as Twitter and Facebook. The problem is that if your password for one web site is stolen, you could be the next victim of online fraud.

Remember The Golden Rule .. Don’t Re-Use Passwords!!

It is a real pain to have to use a different password for each of your online logins, but once you have been bitten, you realise that it’s worth it. My heart stopped when I saw that someone had transferred £680 out of my Paypal account, so it’s not going to happen again in a hurry. Realistically, you need to keep a spreadsheet of your passwords for your online logins. Not only that, but you need to make them good passwords including upper and lower case letters as well as special characters. 

My Password System

I worked out a system that I am happy to share with you because it works for me. You can adapt it and make it more complex. It all depends on how obsessive you want to be about it!

My recipe for password security has three simple ingredients:

• A number of 4 or 5 word phrases
• Some special characters that you alter for each login
• A string of character that you are going to remember. Make it the first part of your partner’s vehicle registration plate or something equally memorable.

You then create a system using a spreadsheet and a little imagination. Here’s one I cooked up earlier based on the first letters of the words in Beatles songs:

Needless to say you don’t have to use Beatles songs. You could use book titles, proverbs, recipes or just about anything else the will give you a number of phrases of 4-5 words. Just devise your own system, work out where you are going to put your special characters, which letters will be upper case and which will be lower case and generate as many passwords as you need. If you want to be really fastidious you may want to use an application such as 7-Zip to store the spreadsheet in a password protected zip file. Just make sure that you can remember that password … and make it a good one!

How To Protect Your Online Privacy

If you have read my blog recently, you will know that I had my PayPal account hacked a couple of weeks ago. It’s pretty embarrassing for me to get caught out since I have been involved in IT Security for over 10 years, but it shows that if it can happen to me, it can also happen to most of you who are reading my blog. So here are some helpful tips to ensure that you aren't the next one to end up with egg on your face and a hacker in your PayPal account.

The Online Golden Rule That I Broke!

I’m pretty convinced that my password was compromised because I made the schoolboy error of using the same password for PayPal as I had used for another Internet site. That site was probably hacked specifically to get hold of the web site's password file so that the hacker could try the email addresses and passwords on shopping sites such as Amazon and PayPal. When they tried my email address and password in PayPal, they would have thought that they had struck lucky. Fortunately for me, I saw the email payment confirmation from PayPal on my iPad, so I reported the incident to PayPal and changed the password within 20 minutes. Credit goes to PayPal who acted to return my £680 within 48 hours.

How Easily Can Hackers Get Your Passwords?

It is distressingly easy for Internet criminals to get hold of your PayPal / Amazon passwords. All they need to do is get hold of your password for another Internet site and then simply try it on Amazon, PayPal, or any number of other Internet shopping sites. If you are a Twitter user, have you ever seen any emails like this one?

If you have, and you clicked on the link, you probably also gave the bad guys your Twitter password, and if you use your Twitter password for PayPal, Amazon etc. please stop reading this blog post and go and change those passwords now!

The Golden Rule … DON’T RE-USE PASSWORDS!!

You may be careful not to click on “dodgy” links, but that won’t stop the bad guys from hacking one of the web sites that you belong to and getting your password, and don’t think that adding a “!” or a “£” to the start and end of your pet stick insect’s name is sufficient protection either. Password cracking software is pretty sophisticated now and will probably crack it in a few seconds (unless your stick insect is called Sy900$r5%)!

So How Can You Stay Secure Online?

The simple answer is that you need a system to provide you with strong, unique passwords for your online web site logins, and next week I will be happy to share mine with you. Don’t forget to come back next week!

Had Your Paypal Account Hacked? Join The Club!

Last Thursday night I was sitting at home watching the TV when my iPad on the arm of the chair went “Bing”! The email notification said something about a Paypal transaction which (being a cautious sort of chap) I thought was worth checking. I'm used to seeing phishing emails, and Google Apps has a very good spam filter,  so this particular email was worth a second look.

When I opened the email a shiver ran down my spine. It was a notification from Paypal that £689 had been paid from my Paypal account to someone whose email address meant nothing to me. What was worse, this email looked genuine. I immediately fired up my laptop, logged on to Paypal and there it was staring me in the face. £680 had been paid out of my account using the card that I had hooked up to it.

The crafty beggars had timed the transaction to go through just after 10 pm when the Paypal phonelines closed, so I reported the unauthorised transaction through the Resolution Centre. Paypal sent through an email to confirm that my dispute had been registered and I sat back and crossed my fingers.

To their credit, within 2 days I received confirmation from Paypal that my £689 would be credited back, so with a big sigh of relief I was able to think of the lessons I had learnt from the experience.

How was my account hacked?
I’ll never know for sure, but the only two possibilities that make any sense are that:

• I had a password stealing trojan on my PC or
• Another site where I used the same password had been hacked and they tried out all of the usernames and passwords on Paypal.

If you ever have the misfortune of suffering a Paypal hack, you will need to cover both of these options. The only way to make sure that any trojan on your PC is no longer there is to back up your data and re-load your PC from the Windows CD. Is there anyone reading this who doesn’t have the Windows CD for their PC? If so, please go back to wherever you got the PC from and find out how you get one. It’s your ultimate “Get out of jail” card.

You then absolutely must change all of your critical passwords (eBay, Paypal, Amazon etc). It may be a pain, but if you have already been hacked, you have no choice. Paypal force you to change your password as part of their “disputed transaction” process anyway.

One of our engineers quite rightly gave me a hard time about my passwords, and I spent an amount of time this weekend working out a new system. Your Amazon / Paypal etc passwords really should be unique, and you need to avoid standard words and phrases that can be cracked pretty easily anyway. Use something such as the first letters in song lyrics that you can remember together with special characters. Having been stung once, I damned if I’m going to give anyone another chance of nicking my hard earned cash and neither should you. You can see the system that I have now chosen to use here. I hope it helps.