Email security tips for everyone, not just American politicians

James Paterson - CloudSpark Solutions ltd

One of the biggest news stories of the current USA election process is the hacking and WikiLeaks release of emails belonging to Hillary Clinton's advisors.

Who carried out these hacks is not relevant to this article, but how they were carried out should be of concern to every email user, whether you are running for President or not.

If the advice below had been followed, it is very unlikely that these email accounts would ever have been compromised.

 

  • Use a strong password

A strong password is difficult to break by ‘brute force’. In the case of the Hillary Clinton emails, it would appear that the password being used by the political advisor (John Podesta) was ‘guessed’. This does not usually mean that the hacker manually attempted to guess the password (although they would have tried the usual ‘weak passwords’ such as ‘password’ or ‘pa55word’ first).

Brute force hacking is usually carried out by an app/program running on a computer or multiple computers, which attempts thousands of passwords per minute until it guesses correctly. These programs may take considerable time to guess the password, but they are usually successful if the password is not strong enough.

Example of a strong password: 59(t£gsT&9hZ4#h3 (yes, incredibly impractical, but this is a good example of the type of password you should be using).

 

  • Weak passwords

Weak passwords are usually made up from real words and names, sometimes prefixed by numbers, e.g. 1781Roses, or with numbers substituting for letters, e.g. W1ndm1ll or Ph0n3.

These weak passwords are very easy for hackers to guess. In fact, most brute force hacking apps will try number substitution very early on in the hacking process.
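To show why these patterns give so little protection, here is an added example (not part of the original article) of a check a sign-up form could run to reject passwords built on a dictionary word. The four-word list and the substitution table are assumptions made up for the illustration; a real check would use a full dictionary and a list of breached passwords.

```python
import itertools
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
WORDLIST = {"password", "roses", "windmill", "phone"}
MAX_LEN = max(len(w) for w in WORDLIST)

# Digits and symbols commonly swapped in for letters, mapped back.
# "1" is ambiguous (i or l), so both readings are tried.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
        "7": "t", "@": "a", "$": "s"}


def undo_substitutions(text):
    """Yield every reading of text with the substitutions reversed."""
    if len(text) > MAX_LEN:      # longer than any listed word: cannot match
        return
    choices = [LEET.get(ch, ch) for ch in text]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def dictionary_word_behind(password):
    """Return the dictionary word a password is built on, or None."""
    lowered = password.lower()
    # Also test the password with leading/trailing digits removed,
    # which covers the "1781Roses" pattern.
    core = re.sub(r"^\d+|\d+$", "", lowered)
    for candidate in (lowered, core):
        for reading in undo_substitutions(candidate):
            if reading in WORDLIST:
                return reading
    return None


if __name__ == "__main__":
    # Passwords quoted in the article.
    for pw in ["password", "pa55word", "1781Roses", "W1ndm1ll", "Ph0n3",
               "59(t£gsT&9hZ4#h3"]:
        word = dictionary_word_behind(pw)
        verdict = f"weak, based on {word!r}" if word else "no dictionary word found"
        print(f"{pw!r}: {verdict}")
```

A result of "no dictionary word found" only means the password avoided this one pattern; length and randomness still decide how strong it is.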

 

  • Use unique passwords

It is important to use a different password for each system, i.e. you should never use the same password for your email as you do for Twitter or Facebook. If you do, then it is very easy for the hacker to hijack your other accounts.

 

  • Turn on two-factor authentication

Sounds technical, but in fact it is simply an additional layer of security that ensures that no other devices can access your account. Even if the hacker has discovered the password, they will still need the code that will get sent to your phone via text message.

 

  • Watch out for phishing sites

Phishing works like this: the hacker sends an email which looks legitimate but is actually a fake. The end user clicks a link in the email which goes to a page that looks like the login page for their email account, bank, or an online system such as Dropbox. The user then enters the login and password thinking they are accessing their own account; however, without realizing it, they have just given their password to the hacker. Now the hacker can use this password to log in to the user's system and exploit it in any way they wish.

 

  • Use a password manager

Password managers are apps and services that keep track of all your passwords in a secure environment, ensuring that you never lose access to vital services. Many will also complete online password forms for you automatically, saving you having to type in those ultra strong passwords that we recommended. Free password managers are available at www.dashlane.com, www.lastpass.com and www.logmeonce.com, amongst others.

 

  • Change your passwords today!

Your accounts may already have been compromised, so change them today. Then continue to change them on a regular basis. We know it’s a pain, but your online identity and financial stability could be at stake.

 

 

 

 

 
