Many pupils and parents have had to use a number of devices to access materials for home learning over the last 18 months, from laptops and tablets to mobile phones and games consoles. These devices are often used for school, as well as for personal use, meaning people often spend the majority of their day using the same device. With such an increase in the use of these technologies comes an increase in responsibility too. One pressing area of responsibility is cyber security. What are the potential risks and threats? And how can we protect ourselves from these? Technocamps Delivery Officer Lauren Powell covers this and more in her blog…
How secure is your password?
Passwords are the keys to your digital life, they grant you access to your own personal kingdom. You need to use a password to log in to your device, another to log in to your email, another for your social media account, plus the many more accounts you have – that is a lot of passwords to remember. Think of a password as a key to the front door of a house. It would be no good if your front door key was the same key as lots of other houses, if someone finds the key to one house and they can unlock the front doors of all of the houses with the same key. This means that if you use the same password across all of your accounts and someone gets hold of your password, they would be able to log in to all of your accounts. Therefore, we need to make sure we use a different password for each account.
But how does someone find out what your password is in the first place? One way to get hold of a password is to crack it. Cyber criminals have several password-hacking tactics at their disposal to try to crack passwords. These tactics can be used on your actual accounts or even on a leaked database of encrypted passwords.
One tactic is a brute force attack. This attack tries to guess every possible combination until it finds the right one. This can be done by automating software to try as many combinations as quickly as possible. In 2012, a hacker unveiled he had written a program to crack any 8-character password containing uppercase letters, lowercase letters, numbers, and symbols in less than six hours. It had the ability to try 350 billion guesses per second. Brute force attacks can crack short passwords a lot quicker. So, one thing we can learn is that password length is very important. The longer the password the better.
Another tactic is a dictionary attack. It does what it says on the tin – essentially trying words from a dictionary. The attack tried a prearranged list of words to see if any of them unlock your password. If your password is indeed one regular word, it is likely to be open to a dictionary attack. We can learn from dictionary attacks that using multiple-word passwords and passwords with a mixture of uppercase letters, lowercase letters, numbers and symbols are more secure.
One final tactic is Phishing. This is where cyber criminals try to trick you into doing what they want. An example is a phishing email, this email may tell you (falsely) that there is something wrong with your account. It will often ask you for your details, including your password, or ask you to click a link. This link will take you to a phoney website that closely resembles the real account website. The cyber criminals stand by hoping you’ll hand over your details on the website or by email and once you do, they have your password.
There are many more tactics cyber criminals may use to try and get your password but we need to make sure we do not fall for them. Never hand out your password, to a friend or a stranger. You will not be asked directly for your password in any legitimate scenario. As well as this, check the URL of any links. If in doubt, navigate to the website yourself rather than clicking on the link. It is also important to make sure that your passwords are unique and hard to crack. Here are some tips for more secure passwords:
- Make your passwords at least 10 characters long, and include letters, numbers and symbols to make them harder to crack. Don’t just put the numbers and symbols at the end of the password, try to mix them in.
- Don’t use memorable keyboard paths. Much like the advice above, do not use sequential keyboard paths either (like QWERTY). These are among the first to be guessed.
- Try to use a passphrase rather than a password.
- You may have a lot of passwords to remember but try to avoid writing passwords down. Consider using a secure password manager.
- Don’t share passwords with friends or save usernames and passwords on shared computers, and always log out when you’re finished using someone else’s device.
- Don’t use personal information in your passwords, such as your cat’s name or your home address. These can be easily guessed by finding out information about you.
How do I stay secure when using my devices?
There are many threats to be aware of when using your computer, mobile phone and other devices. A large threat that is often overlooked is malware. Malware, also known as malicious software, attacks devices either by slowing them down significantly or stopping them from working entirely. It destroys computer systems through deploying agents onto the infected device. Malware can be released into a computer by clicking an infected link, downloading a file or material from an unknown source, clicking a pop-up ad, or downloading an email attachment from an unknown sender. Once malware is released into a computer system, hackers can gain access to all of your personal information and files. Here are some tips to limit your risk:
7. Make sure you have an antivirus product on your devices. It will help protect you online by making sure the websites are safe before you visit them.
8. Don’t open emails from people you don’t know – and check the sender’s email address by hovering the mouse over it to make sure someone is not trying to pretend to be someone you know.
9. Don’t download email attachments you are not expecting to receive.
10. Don’t click on any links you don’t recognise. If you must follow a link, copy and paste the link URL to make sure it is going to a legitimate site. Or navigate your own way to the website.
11. Be careful when using open Wi-Fi in public places, such as cafes, restaurants, airports, shopping centres, etc., do not log in to any private accounts where you have personal information. You don’t know who is snooping or tracking what you do. You could always use a virtual private network (VPN) when you are on open Wi-Fi, whether you are using your phone or computer. A VPN makes you anonymous online, encrypting all your activity so the bad guys can’t track you.
How can I stay safe online?
Social networking and many other websites make it really easy to stay in contact with friends and family around the globe and share what is happening in your day-to-day life. But it can also mean you are sharing personal information publicly. You wouldn’t hand personal information out to strangers randomly so be careful what you hand out to millions of people online. Cyber criminals can take this information and cross reference it with other data to form a bigger picture of who you are, where you live, and possibly what the answers to your login security questions are. Here are some tips for keeping personal information private online:
12. Limit those who can see your posts to only people you know using the privacy settings.
13. Limit how much you reveal about your daily routines, habits or travels. Do not participate in surveys that ask you to give away personal information like your date of birth, favourite colour, the name of your school school, etc. Again, cyber criminals can take this information.
14. Don’t use apps that access privacy information. Some can even access your Facebook friends’ information.
15. When you’re on social media, don’t befriend people you don’t actually know in real life. Be as cautious and sensible in your online social life as you are in your in-person social life.
16. The internet does not have a delete key. Any comment or image you post online may stay online forever, even removing the original doesn’t mean there aren’t other copies. Don’t post any remarks you wish you hadn’t made, embarrassing pictures of yourself or any other questionable material, you never know when these might surface again.
There is no way to fully protect yourself from cyber criminals as they are constantly coming up with new threats and attacks, but what you can do is educate yourself as well as your friends and family. Make sure to keep using best practices and ensuring you are doing all you can to protect yourself online and offline.