The smart paranoid's guide to using Google

By Logan Kugler, Computerworld |  Internet, Google, privacy

You'll have to insist that others send you only encrypted e-mail, though, or all your incoming e-mail will still be in plain text. Unfortunately, there are no equivalent encryption tools for other Google services -- some, like Google Health, encrypt your data, but not all do.

Risk 4: Hackers guessing your log-in

While hacking into Google might be difficult, hacking into your particular Google account probably isn't. Most people use simple, easy-to-remember passwords -- often the same one on dozens of sites -- which means a hacker with some basic information about you could easily crack your account.

If you use a single English-language word as a password, a hacker who knows just your e-mail address can crack your account in a few seconds by using common cracking tools that simply try every word in the dictionary.

And on Google, your password accesses everything, from your medical records on Google Health to your credit card numbers on Google Checkout.

Defcon 2

Use a password management program like KeePass or RoboForm to generate and remember strong passwords (such as W2J@Y*YHzqrkd) that are almost impossible to guess. And change your password regularly -- once a month or more.

Defcon 1

Use multifactor authentication. Using just a password to log into a service gives you only one point of failure: If someone gets your password, you're vulnerable. Multifactor authentication requires you to verify your identity in two or more ways.

"Multifactor authentication is based on using at least two of three things: something you know, something you have and something you are," says TriCipher's Sonecha. A password (something you know) is one factor. Services such as TriCipher's MyOneLogin and MultiFactor Corp.'s SecureAuth limit access by requiring additional verification, such as a VeriSign security token or a file on your computer (something you have) or a fingerprint (something you are).

MyOneLogin offers its secure authorization free for users of Google Apps or, for $3 a month, you can sign up for a service that covers not just your Google account but all of your online activity. You can add Web sites or Web applications from MyOneLogin's vast library, or easily set up applications MyOneLogin doesn't cover yet. (Click "Free Trial" on the home page to get started.)

Risk 5: Hackers cracking your log-in

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question