[Security] Password Security
Friday, June 18th, 2010 - Security
This is a continuation of our Security Guide; see the previous post.
What else can you do to protect yourself from hacking? In addition to securing your personal computer from malware and other malicious software, you should practice good overall security on your computer.
Are you storing your passwords on your computer? Are you saving your account’s password in your FTP client’s site manager? Are you saving login information in your browser? If you never have to manually type your password when connecting via FTP or to your cPanel or any other secure area, then you may be at risk. If you are never entering your password, then this means it is being stored somewhere on your computer. If it is stored somewhere on your computer, then it is free for the taking should any malware or malicious software exist on your computer.
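To check what your own FTP client has saved, you can audit its site manager file. The script below is an added example, not part of the original post: it assumes the client keeps its sites in an XML file laid out like FileZilla's sitemanager.xml (`Server`, `Host`, `User`, `Pass` and `Name` elements), and the sample entries are constructed. It reports which sites have a password on disk without ever printing the password itself.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of a FileZilla sitemanager.xml (assumed layout).
# Hosts, users and password values are made up for this example.
SAMPLE_SITEMANAGER = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host>
      <User>webmaster</User>
      <Pass encoding="base64">bm90LWEtcmVhbC1wYXNzd29yZA==</Pass>
      <Name>Main site</Name>
    </Server>
    <Server>
      <Host>ftp.example.org</Host>
      <User>legacy</User>
      <Pass>not-a-real-password</Pass>
      <Name>Old site</Name>
    </Server>
    <Server>
      <Host>ftp.example.net</Host>
      <User>steven</User>
      <Name>Prompt every time</Name>
    </Server>
  </Servers>
</FileZilla3>
"""

def find_stored_passwords(xml_text):
    """Return one finding per site entry that has a password saved on disk."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pass_el = server.find("Pass")
        if pass_el is None or not (pass_el.text or "").strip():
            continue  # nothing saved, so the client has to prompt for it
        findings.append({
            "site": server.findtext("Name", default="(unnamed)"),
            "host": server.findtext("Host", default=""),
            "user": server.findtext("User", default=""),
            # base64 is only an encoding, not encryption: anything that can
            # read the file can recover the password either way.
            "storage": pass_el.get("encoding", "plaintext"),
        })
    return findings

if __name__ == "__main__":
    for f in find_stored_passwords(SAMPLE_SITEMANAGER):
        print(f"{f['site']}: password for {f['user']}@{f['host']} "
              f"is saved on disk ({f['storage']})")
```

To audit a real file, read its contents and pass the text to `find_stored_passwords` in place of the sample.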
Securing Passwords
You may have heard that writing down your password is a bad idea. This depends on your environment. If you work in an office cubicle, then having a piece of paper with your passwords written on it sitting next to your computer is probably not a good idea. But if you work from home, or only access your secure areas at home on your personal computer, then having your passwords written down beside your computer is less of a security risk, as long as your house and the room that your computer is in stay secure and you do not have any unwanted visitors. Keeping your passwords written down, completely separate from your computer, is probably the best way to keep your passwords secure (I suppose memorizing your passwords completely would be the best way!). But if you work in a cubicle environment and need your passwords, perhaps keeping the password sheet in your wallet or some other item that you always have with you is best. In any case, making an effort to obscure your password, by placing the password sheet in a drawer or underneath something, is probably a good idea.
Why is this a better option than saving your passwords on your computer? By keeping your passwords separate from your computer, you prevent malware from learning your passwords. Malware may get installed on your computer and it may be able to tell that you are the webmaster for your website, but it can only guess at what your password might be, because if the password isn’t on your computer, it can’t know what your password is.
If you consider the ideal situation where you only access your website's administrative side from your home computer, then generally you would be more trusting of any family members who might run across your password sheet. Compare this to the threat of malware stealing your login credentials from your computer and decide for yourself which is the higher risk.
Encrypt your passwords
If you must store your passwords on your computer, then it makes sense to secure these passwords as much as possible. Avoid using built-in site managers or browsers to store and save your passwords, as these can be easily compromised. Instead, I recommend the program KeePass. This is a program that you can store password information with, and it encrypts the data to make it more difficult for hackers and malware to read your password information.
With KeePass you create a single file that has all of your different password information. You can save this file, and encrypt it with a public/private key encryption system and also with a passphrase. The passphrase is not required, but I like having it just because it gives an extra layer of security. Here you can use an easy to remember password, which can then unlock the program to list all of your passwords.
I would recommend that you install this program and give it a try.
Secure your programs
Keeping scripts and applications that are on your website up-to-date is important. But it is also important that you keep the software installed and running on your computer up-to-date. One way to accomplish this is with Secunia’s Personal Software Inspector Program.
Secunia PSI works by scanning your computer to see what programs you have installed and which versions. It then compares this information with a list of known software applications and their latest versions. It will warn you about any software that is found on your computer but is not up-to-date. You can then take steps to remove the software or update it to the latest version.
Secunia PSI keeps itself up-to-date so that it always has an updated list of application versions. If you keep it running in your System Tray, it will let you know when a new version of software is available.
Keeping the software applications on your computer up-to-date helps to ensure that hackers, malware, and malicious software cannot take advantage of known security holes in that outdated software.
Steven