What you know about passwords is wrong

It's important that you are safe while surfing online. It's very important.
The most recent browser updates show a change of colour and specific details when you visit a protected website. It’s an indication, though not proof, that you have protection.
There are very bad people out there who are actively scouring the internet trying to get your personal details - your identity - in order to steal your hard-earned money and quite possibly your good name, too.
So it's important you take steps to make yourself as safe as possible. It takes just a few minutes of planning and careful thought now, so when you do get going on the web, you'll be reasonably secure.
Your basic online defence is a password, and we will get to that in a minute. But did you know that there are other people working on your behalf, as well?
For example, you should have the most recent version of whatever browser or browsers you prefer. The programmers who assemble this very necessary software are constantly upgrading the security features - well, as urgently as the beauty of the programmes.
Have a look at this week's screen shot, unless the editor has misplaced it yet again. Here is what the programmers have done for you in recent months on, well, pretty much all the major browsers and platforms.
When you log on to a secure site, especially one where money is involved, especially online banking, it's imperative that you use a secure connection. The address should change automagically in your browser from "http" to "https" - "s" for secure, geddit?
And now, browsers will also generally change colour from the default white in the first part of the address bar. In addition, they will add the name of the site you are connected to.
If you are trying to buy something or trying to get financial information of any kind and you do not see such features in your browser, then just quit.
But assuming you are securely connected, say to your online bank account or a shopping website, you will be asked to identify yourself using your username and password. And there's a new way of thinking up passwords these days - randomly (actually pseudo-random, as random purity is almost impossible) - which is not all it's cracked up to be.
Here is an eight-character password: "3RUDrew5". I got it at the Secure Password Generator at the fast and simple website www.pctools.com/guides/password. It is a combination of upper and lower case letters, along with numbers. The same generator gave me one with a punctuation mark when I asked it nicely: "SaP&7!8A".
Of course, it's almost impossible to remember these "randomly" generated passwords, especially since these days you need a dozen or 50 good passwords to log on to banking, news, storage, social media and other sites you go to, all of which require passwords.
And that's the problem with the so-called secure passwords. They are so secure they are obscure.
How about passwords that are secure and (perhaps) easier to remember? I don't mean so you can remember 50 passwords and recall which one is linked to which site, but passwords that don't have to be so obscure they look like a geek's source code.
Get yourself over to Steve Gibson's password security calculator at www.grc.com/haystack.htm.
Try whatever passwords you want, of course, but first try this. Type in my most-secure password: "SaP&7!8A". The calculator approves, and notes that a typical hacker would take 2,130 centuries to crack it, which is quite a long time, wouldn't you say?
Now type in "Bang" (let's say for Bangkok), the two-digit month of your birthday and the year, then a comma and an exclamation mark, which would look something like this: "Bang1023,!". For this password, the calculator says it would take an automated online hacker more than 19 million centuries to crack.
Steve is an expert. If you don't know his name, trust me, he is. He also notes that the length of your password is much more important than the so-called randomly generated mix of letters, numbers and special characters. Our 10-character password is not at all random. In fact, it's almost as easy to remember as 123456, which is one of the world's most common passwords. Still, it is magnitudes stronger than the one given by the software machine, which cannot be humanly remembered either.
Let's say you're a businesswoman who flies a lot on Thai Airways International and your regular business outbound flight is TH437 (I made this up). The airline's acronym is THAI, so your password could be "Thai437" - not too hard to remember. And if you really like it a lot, put two exclamation marks at the end.
So your password would look like "Thai437!!". According to the calculator, it would take an online hacker 200,000 centuries to crack this password. Chances are, he or she won't wait that long.
According to Gibson, if your sister's name is "Gop", she is 26, is married to Mr GOLF and lives in apartment #38, it would take the world's best password cracking supercomputer 1.41 hundred million centuries to work out that your banking password is "Gop26Mr.GOLF,#38".
None of the above steps should be directly used to make a password, pseudo-random or logical. You should think hard about it, and use your own system. If you prefer pseudo-random and unpronounceable passwords then fine. Just make it as long as possible.

The truth about passwords

[Cartoon: xkcd passwords]
The science behind hacking passwords has evolved much faster than the passwords themselves. While many websites and programs set limits on password attempts that make brute-force attacks impossible, there are plenty of sites that do not. With many people using the same password for multiple sites and profiles, attackers don’t necessarily have to hack everything. They just need to find the weakest link.
The cartoon above by XKCD brilliantly and simply explains why long passwords with common random words are much more effective than the standard 1 capital letter, 1 number, 1 symbol, 8-12 character-long password. Below, we take a look at the most common passwords used. Moral of the story – don’t be dumb but don’t outsmart yourself.