SOME UNSCRUPULOUS guys could gain access to your Email ID and password and later put them to misuse or abuse, causing you a lot of monetary loss or embarrassment. Besides knowing the circumstances under which such losses occur, it is also necessary to learn how a stolen password may be misused. We need to learn ways of preventing password theft. Some help in choosing a good, secure password may be welcome. This article is all about these!
How do cyber crime thieves get at this sensitive info?
You may carelessly leave it in your wallet, or note it in some text file on your disk. You might have noted down such IDs and passwords in some diary, and this may lie unguarded in your house. You may read it aloud over a mobile phone to your son, daughter or trusted friend, asking him to access your mail account for some urgent message. The guy who overhears will be clever enough to jot it down, especially those who manage Paid Phone booths. You may transmit it via email to some friend.
You might be using your Email on a public PC, say in a cyber cafe. The PC in the cyber cafe may be installed with a simple program called a "keyboard logger". This program will capture everything that you type (including that hidden password) and what is displayed by any program running on your PC, and then store it in a secret hidden file. Analyzing the contents of such a hidden file, immediately after you leave, will reveal your UserId and passwords easily.
You may be signing up with a number of social networks, websites etc. that ask for a UserID & password. These are sent back to you for verification via Email. Email messages are kept on your hard disk in text or some other retrievable form if you are using Outlook, Pico, Thunderbird etc. as your mail client. Scrutinizing such files will yield a good number of your passwords. Thereafter hacking your Email password becomes much simpler.
Many social networking sites ask for your Yahoo / Hotmail / Gmail UserId & password to be entered. Their idea is to help you automatically invite all your contacts to become your friends on that network. Many times the system may show you all your contacts and ask you to choose whom you would like to invite. Facebook, Sulekha, Rediff are some examples. There is no guarantee that both a) your email Id and password and b) the contact lists that are downloaded and displayed are not intercepted and misused. It is very easy for robots to be snooping around the social network vicinity and capture unauthorized data.
Recently I allowed Sulekha to access and upload all my blog posts from my Blogger (Google) account, little realizing that the same password is used for gaining access to all Google services including Gmail. Uploaded blog posts appeared on the Sulekha site for a few hours but later disappeared totally. When I realized some damage was being done, I quickly changed all my passwords.
How do people put a stolen password to misuse?
Once a thief gets your password it is very easy to cheat or impersonate you. Orders for products and services may be placed online or via email, with delivery to his own address on a COD / VPP basis. He might send fake email requests for urgent help to your friends via some Yahoo or Google Group of which you are a member. One such message usually says that you are out of the country, your wallet has been stolen, you are stranded in some hotel and you need some money urgently transferred to you c/o the hotel manager. This is bogus and fake.
Some tips to prevent ID theft:
Never leave your password unguarded anywhere in diaries, slips, purses etc.
Never say it aloud over the phone. If you must, change it as soon as your work is over.
Never store your passwords on a hard disk that may be accessed by others.
Be wary of all usage in cyber cafes. Delete history, temp internet files etc. after your use.
Be careful about what you store on your pen drives, especially email message copies in text format.
Have a password for important applications that is quite different from those you use to sign up on many trivial sites. Make the passwords very difficult to break or even guess.
How to choose a good password - A suggestion
I wish to suggest a simple method to assign passwords and also remember them. I suggest that you write out a longish proverb or quotation in your vernacular language and transliterate it into English. For example, read the following tongue twister transliterated from Tamil:
KadalOrathileOrural, uruludhu peraludhu
(For those who do not know Tamil and are curious about the meaning, it means: A stone mortar on the sea shore is rolling and re-rolling). From the transliterated phrase choose, say, any nine characters in sequence. Supposing you choose nine letters starting from the sixth character (6,9), you will get: "OrathileO". This is your password. Just remember the phrase and 69 to recollect the correct password. The password is not easy to guess. It is a mixture of lowercase and uppercase. It does not resemble any known dictionary word. The phrase itself is something that you may normally cherish to remember. You may change the password easily any number of times from the same phrase by choosing some other sequence of characters.
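The method above, written out as an added example (not the author's code): it derives the password from the phrase and the (start, length) pair, and also counts how many passwords the same phrase can yield, which is the number of guesses left if the phrase itself becomes known. The function names and the 8 to 16 character length range are assumptions made for illustration.

```python
import string

# The transliterated phrase quoted in the article.
PHRASE = "KadalOrathileOrural, uruludhu peraludhu"


def derive(phrase, start, length):
    """Return `length` characters of `phrase` from the 1-based position `start`."""
    if start < 1 or length < 1 or start - 1 + length > len(phrase):
        raise ValueError("window falls outside the phrase")
    return phrase[start - 1:start - 1 + length]


def char_classes(password):
    """Names of the character classes that occur in `password`."""
    classes = {
        "lower": string.ascii_lowercase,
        "upper": string.ascii_uppercase,
        "digit": string.digits,
    }
    found = {name for name, chars in classes.items()
             if any(c in chars for c in password)}
    if any(not c.isalnum() for c in password):
        found.add("other")  # punctuation or spaces picked up from the phrase
    return found


def candidates(phrase, min_len=8, max_len=16):
    """Every distinct password the method can produce from `phrase`
    for lengths min_len..max_len (assumed range)."""
    return {phrase[i:i + n]
            for n in range(min_len, max_len + 1)
            for i in range(len(phrase) - n + 1)}


if __name__ == "__main__":
    pw = derive(PHRASE, 6, 9)  # the article's (6,9) choice
    print(pw, sorted(char_classes(pw)))
    print("passwords derivable from this phrase:", len(candidates(PHRASE)))
```

The secrecy of the result rests on the phrase staying private: the position and length alone select from only a few hundred windows, so a phrase that is widely known or written down offers little protection.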
I hope you have trouble-free Internet interactions with no password compromise at any time.