Part IV: Safety (1) - Passwords

I'm planning to do a series of quick and relatively short articles on computer safety. Here's the first one. By computer safety, I don't mean physical safety tips such as not dropping the thing on your toe, or avoiding dodgy electrical wiring; hopefully such things will be obvious to you. What I'm going to be talking about is how to be safer from such things as:

In general, I'll be covering these safety techniques using Windows-based systems for examples, as that's what I run on my own computer. Having said that, the same or similar techniques can equally be applied on other systems such as Macintosh or Linux, so please bear that in mind.

Always use a Password

You may have several user accounts on your computer. Each and every one of them should have a password set. If you don't do this, then your entire computer may be at risk as anyone can log in whenever they want. This could happen physically, e.g. if you leave your laptop unattended. It can also happen remotely if you are connected to the internet.

Don't Reuse Passwords

Passwords should be used on all kinds of computer accounts, not just the operating system ones. So whenever you sign up for anything such as Facebook, Twitter, eBay, on-line banking or whatever, you should use a different password each time. Otherwise, if one password is compromised then all of your accounts will also be compromised.

You should also change your passwords regularly, in case one or more have been compromised without you realising it. Recycling old passwords is therefore a bad idea.

Choose Difficult Passwords

A difficult password will be harder for you to remember but it will also be harder for nasty people to crack. The first things a hacker will try will be things related to your name, your birthday and other obvious information. Therefore don't make it easy for them: avoid obvious passwords.

It's a good idea to mix up letters and numbers in your password, and to mix up lower and upper case characters. You can use some kinds of punctuation too, but be careful not to use characters that are so weird that you can't type them on all keyboards. Here are a couple of examples:

Bad password:   captainblack
Good password:  Capta1nB!acK
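
The rules in this section can be turned into a quick self-check. The following is an added example, not code from the original article: the function names, the owner's name and the birthday are assumptions made up for the demonstration, and an empty result only means the rules listed above are met.

```python
import string

# Characters found on ordinary keyboards: printable ASCII without whitespace.
TYPEABLE = set(string.ascii_letters + string.digits + string.punctuation)


def personal_tokens(names, birthday):
    """Build lowercase strings a guesser would try first.

    names: iterable of words such as first name, surname, pet name.
    birthday: (year, month, day) tuple of ints.
    """
    tokens = {n.lower() for n in names if len(n) >= 3}
    year, month, day = birthday
    yyyy, yy = f"{year:04d}", f"{year % 100:02d}"
    mm, dd = f"{month:02d}", f"{day:02d}"
    # Common ways of writing the same date as digits.
    tokens.update({yyyy, dd + mm, mm + dd, dd + mm + yy, mm + dd + yy,
                   dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd})
    return tokens


def check_password(password, names, birthday):
    """Return a list of problems; an empty list means the article's rules are met."""
    problems = []
    lowered = password.lower()
    for token in sorted(personal_tokens(names, birthday)):
        if token in lowered:
            problems.append(f"contains personal information: {token!r}")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    odd = sorted({c for c in password if c not in TYPEABLE})
    if odd:
        problems.append(f"hard to type on some keyboards: {''.join(odd)!r}")
    return problems


# Constructed sample data: the first two passwords are the article's examples,
# the third password, the owner's name and the birthday are made up.
if __name__ == "__main__":
    owner, born = ["Captain", "Black"], (1970, 4, 1)
    for pw in ("captainblack", "Capta1nB!acK", "Black0104£x"):
        print(pw, "->", check_password(pw, owner, born) or "OK")
```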

Don't Write Down your Passwords

If your portable is stolen along with your briefcase/handbag, and you have your password written down with it, then the thief will have access. You may as well have not bothered with the password in the first place! The same goes for having them written down in a desk drawer at work or at home.

For similar reasons, don't store your passwords in a document or file on the computer, unless that file is itself password-protected.

Do Write Down your Passwords

"What?" I hear you cry, "But I thought you just said..."

If your (human) memory is in need of an upgrade, as mine seems to be more and more these days, then it might be wise to have all of your current passwords noted down. I would also recommend storing them in a locked container of some kind. Safes are good for this.

Don't forget to update the note whenever you change your passwords.

Don't be Administrator

How often do you install new software on your computer? How often do you need to carry out other maintenance? Not that often, right? So why are you using an administrative account for your everyday work? Administrative accounts give you more rights and privileges than restricted ones but this is a mixed blessing.

The good news is that administrative accounts allow you to make system-wide changes to your computer, such as applying security patches, installing new applications, upgrading existing software and adding new user accounts.

The bad news is that any malicious software you download, even unknowingly, running in an administrative account, will have these same privileges. This compromises the security of your system and, in a worst-case scenario, can wreak havoc and render it inoperable.

My advice is to have two accounts. Possibly more if you share the computer with others.

Restricted user account(s): For everyday work and play.
Administrative account: For system maintenance and alterations.

Using a restricted account will not by itself prevent you from downloading malicious software, but it will prevent its payload from doing any real damage.


By following these very simple tips, you'll significantly reduce the probability of your computer being hijacked by those nasty individuals and dodgy companies out there.