Social media sites like Facebook and Twitter are great for sharing information with friends and family, but is it really the best idea to put all that information out there for the world to see?
Paul Upholder is an information technology instructor at Rhodes State College and says posting personal information like pets names or family members can be dangerous, even with privacy settings in place. A hacker can take that information to help figure out your password for not only social media sites but also things like your online bank account.
So, what should you do to prevent hackers? The best way to prevent getting hacked is to us a password utility generator.
Information on Password safety courtesy of Jason Houx, System Engineer: Cisco Systems
Most web sites use a has algorithm to turn a user password into a string of letters to use between machines for what we call machine to machine conversation. This allows a users password like "Motorcycle" to look like "49c2255829d1a0cba169e91f5286bb1665a9615d". However a simple sha1 algorithm is simple to reverse so developers will salt the hash, or add random bits to change the hash output. A decent web site will salt the user password file so that the passwords are offset and
more difficult to decrypt and gain the clear text password (in this case Motorcycle).
However, as we saw far to often in 2012 some very large companies were not salting their database and providing the right level of security for the consumer:
Linkedin June 2012
6.5 million unsalted hashes have been exposed
Yahoo July 2012
435,000 compromised passwords
So it is in the consumers best interest to protect themselves by providing their own first level of defense and this comes with the use of single use password security and using difficult passwords that can not be brute force attacked. The largest draw back to this is that nobody is going to remember a difficult password like "L/p0e@0Rj&zDd2n". the answer to this problem is use a utility that stores your username, password, and URL of the site in a secure encrypted file on your computer (that you obviously backup). It is good to use a utility for password that also has a random password generator included in the software. Here are some utilities I have used and would recommend.
for Microsoft product family:
for Apple OSX product platforms:
Password Repository (http://www.pomola.com/products_passwordrepository/)
Universal Utility: Windows, Apple, Linux
Password Gorilla (https://github.com/zdia/gorilla/downloads)
Its also important to note that larger financial sites and even sites like Google now offer options (or enforce) a two factor authentication which allows you to have a common password and they site will randomly generate you a password and SMS it to your phone for login. This obviously only works if your phone has not been compromised as well, but is certainly a step in the right direction.