Applications and data are now moving from your desktop to the cloud, and the easiest way to access them is through your account. Providers have put security measures in place to keep hackers out of their servers and away from your valuable data. The only problem is that once a hacker has figured out your username and password, all these measures are useless.
This is why it is very important that we know how to make our accounts secure. There is no such thing as hacker-proof, but we can make things difficult for hackers. You don't need to be a computer geek to figure out how. Here are some tips on how to make your account difficult to hack.
Make your password difficult to guess
Use a combination of numbers (0-9), lower case (a-z) and upper case (A-Z) letters, spaces, symbols (@#$%), and punctuation (.,?!) in your password. Also, your password should be at least 8 characters long. The more complex and the longer the password is, the longer it will take for a hacker to crack it (e.g. 100 yrs). You should also not use passwords such as your birthday, your name, or words that are easily found in a dictionary, because these passwords take less than a second to crack.
You can learn more about how hackers crack passwords and how to defend against it to better understand why we have to make our passwords complex and long.
Use a different password per account
Make sure that each account that you own has a different password. This is most important when it comes to your bank accounts: your bank account password should be different from your social media account password. This prevents your other accounts from being hacked if the password for one of your accounts has been stolen.
It is difficult to memorize different passwords, but once you learn the secret of creating easy-to-remember complex passwords, you can easily secure your accounts without any problem.
Do not share your password
Some hackers might pretend that they are an employee of your service provider and need your password to troubleshoot a problem. Don't fall for it, and never share your password even if the person is a legitimate employee. If sharing your password is a must, only share it with someone you know personally and use a password manager.
Service providers have means to troubleshoot your account without needing to know your password. They can simulate the login process, the application behavior once logged in, and the logout action without even using your password. This is to emphasize that your service provider doesn't need your password.
Take advantage of your mobile phone
You can set up your account to require a username, a password, and a token. A token is a set of characters that changes every 30 seconds and is valid only for 1 minute. This token is sent to your mobile phone via SMS or is generated by an app installed on your smartphone. The key concept here is that if your username and password have been compromised, the hacker won't be able to log in because they don't have the mobile phone that receives the SMS containing the token or the smartphone that generates the token.
This technique is called 2-factor authentication or 2-step verification. This method requires 2 components from the account owner to access their account. These components are "something you know" (e.g. username and password) and "something you own" (e.g. mobile phone). The problem with 2-factor authentication is that not all services support this method. You can check out the list of sites that support the method at https://twofactorauth.org/.
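The token described above, worked through as an added example (not code from the original article): it assumes the app-generated token follows the TOTP standard (RFC 6238, HMAC-SHA1), which the article does not name, and it does not cover SMS tokens. The names totp, verify, STEP_SECONDS and VALID_STEPS are hypothetical, and the secret is the constructed RFC test key.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # the token changes every 30 seconds
VALID_STEPS = 2     # assumption: current + previous step, so a token is accepted for about 1 minute


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Compute the RFC 6238 token for the 30-second step that contains unix_time."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int) -> bool:
    """Server-side check: accept only the token of the current or the previous step."""
    ok = False
    for age in range(VALID_STEPS):
        expected = totp(secret, now - age * STEP_SECONDS)
        # compare_digest avoids leaking how many digits matched through timing
        ok |= hmac.compare_digest(expected, submitted)
    return ok


if __name__ == "__main__":
    # Constructed sample: shared secret and clock values are test data, not real ones.
    secret = b"12345678901234567890"
    issued_at = 30
    token = totp(secret, issued_at)
    print("token shown on the phone:", token)
    print("accepted 45 s later:", verify(secret, token, issued_at + 45))
    print("accepted 2 min later:", verify(secret, token, issued_at + 120))
    print("accepted random guess:", verify(secret, "000000", issued_at))
```

The phone and the server both hold the same secret, so a stolen username and password alone never produce a valid token, and a token that was observed once stops working after the next step passes.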
Keep an eye out for eavesdroppers
There are two ways to eavesdrop through a computer: the first is via the network (e.g. internet, office network, WiFi), and the second is with the use of spyware.
To protect yourself from a network eavesdropper, make sure to use a secure connection and never trust an invalid security certificate. Over the internet, a secure connection is established when you are accessing a website via HTTPS. If you are accessing a malicious website via HTTPS, your browser may warn you about an untrusted connection or an invalid security certificate; never proceed to or trust websites that generate such warnings.
Spyware is an application installed on a computer to monitor or capture sensitive information. You can detect it with antivirus software that has a spyware detection feature. New spyware may not be detected immediately; a feature called behavioral scan can be used to detect new spyware that goes undetected by the regular antivirus engine.