Tips for Online Safety and Security

Using Safer, More Secure Passwords

There are lots of reasons to use different passwords for different websites.

The simplest reason is that if two websites have the same password stored for you and one of those sites gets hacked, someone with the hacked information could get into the other site using that duplicate password. Hacks have happened where millions of username and password combinations were acquired.

Most sites nowadays store your password in a hash format or in an encrypted format, which reduces the risk of someone using your stolen password information on a second site. It's much safer for a site to offer to reset your password than it is for a website to email you your password. If you can read your password in a plain email, a malicious person might be able to read it as well.

Older sites and sites created by cheap or inexperienced programmers may store your password in plain text, which means if someone hacks that site's database, they won't have to do any extra work to figure out your password; it'll just be there in plain sight.
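To make the difference concrete, here is an added example (not code from any particular site) of what a database row holds under each design. The salted PBKDF2 scheme, the iteration count and the sample password are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256 in this sketch


def store_plaintext(password: str) -> dict:
    """The unsafe design: the database row holds the password itself."""
    return {"password": password}


def store_hashed(password: str) -> dict:
    """The safer design: the row holds a random salt and a slow, one-way hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def check_login(attempt: str, row: dict) -> bool:
    """Verify a login attempt against either kind of row."""
    if "password" in row:  # plaintext row: direct comparison
        return hmac.compare_digest(attempt.encode(), row["password"].encode())
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(row["salt"]), row["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(row["hash"]))


def readable_in_dump(password: str, row: dict) -> bool:
    """True if the password appears verbatim in a stolen copy of the row."""
    return any(password == str(value) for value in row.values())


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    site_a, site_b = store_hashed(pw), store_hashed(pw)
    print("plaintext row shows password:", readable_in_dump(pw, store_plaintext(pw)))
    print("hashed row shows password:   ", readable_in_dump(pw, site_a))
    print("same stored value on both sites:", site_a["hash"] == site_b["hash"])
    print("login still works:", check_login(pw, site_a))
```

Because the site keeps only the salt and hash, it has nothing to email back to you, which is why a well-built site offers a reset instead.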

Even if your password is stored more securely on the website's end with encryption and hashing, the password itself is not considered safe unless it travels the Internet in an encrypted way.

We generally access the web in one of two ways: the plain text way of http://, which is considered faster and generally cheaper, and the encrypted way of https://. Before sites switched over to https://, anyone between you and the destination site could read whatever you accessed or sent. For example, if you wrote messages on Facebook before it used https://, your messages could have been logged and read by Internet providers (or sadly, hackers) who had access to the data as it traveled across the Internet.

Larger sites have mostly switched to https:// when sending private information. If you log into Gmail, or into Facebook from the web, chances are you're using an https:// connection. You can check to see if the connection will be secure. The downside is that apps you download on your mobile device are more hidden. If you have the technology and technical know-how to inspect the packets as they leave your network, you can check to make sure that your data is traveling securely from an app. In general, we would like to assume that the data is sent securely from our phone, but in reality there's a very good chance it's not traveling completely securely. And it's difficult for you to know. That's part of why I stress using different passwords across different sites and apps.

Data will generally travel over multiple servers between you and its destination. Just imagine a pizza being delivered. If you live next to the pizza place, it would be delivered directly to you. If you are down the street, anyone along that street can tell that a pizza is being delivered. The scary part about the Internet is that unlike a pizza delivery guy, when data travels down the Internet, it also brings with it information on where it's going. It's like the pizza delivery guy having a flashing LED telling you the address of where the pizza will be delivered.

Data that travels over an https:// connection still contains information about where it's going, but it's able to mask what the actual contents are. In terms of the pizza analogy, we now can't automatically determine whether it's a pizza delivery, a mail truck, someone driving home, or a kid riding a tricycle. We know that something is moving in a certain direction, and it's a certain size, but we're not able to easily decipher what's actually going down the street. In reality, data travels town to town, city to city, and sometimes overseas. It can go through a lot of places before it gets to its destination, and there could be someone snooping anywhere along the way.

If you're at a coffee shop or on some sort of public Wi-Fi connection like at a library and you enter your password to be transmitted over an http:// connection instead of an https:// connection, anyone drinking coffee or a kid on their tablet could be maliciously trying to capture your username and password. The more people that are around, the more likely it is to be happening. Giving your password over an http:// connection is like yelling your PIN to everyone behind you while making a purchase on Black Friday. Most people won't write it down, and will just think you're a total moron, but someone behind you could be malicious.

Don't let me give you the idea that everything is secure and peachy. Hackers sometimes try to hack the system so you're transmitting the https:// data to them instead of where you intend. This is a complicated topic that you can explore at your own leisure. But the whole point of this is: don't use a password at more than one site. Mix up your passwords. Thanks!