We’ve all had one of our online accounts hacked at least once. If not, then we know someone who has. Sometimes it happens because of bad luck, but many a time it’s because we are careless and go around leaving our passwords on every computer we use to log in to our accounts. Today I’ll teach you a few simple things you can do to make sure your passwords remain private and that no one can access your account without your explicit permission and knowledge. But first let me ask, do you know how hackers manage to log in to your account? Well, there are many ways really, and we certainly cannot look at all of them here. However, people who hack social sites are more often than not small-time hackers. As such, they use simple hacks which we can anticipate and effectively counter.
A quick word of caution though, just because these hackers do not have a plethora of technical skills at their disposal does not mean that they are not a real threat. Someone can find a way to cause real damage to your social image, professional profile, personal relationships or crucial banking information just by accessing your email or Facebook account. Imagine logging in to your Facebook account and finding a notification that Annitah Kui SmartAss, Johnnie De Byadbouy Popcan and 23 other people commented on your post. So you click on the link and you find that a hacker used your account to post this on your timeline:
“Forgive me Lord, I’ll never abort another child. Rest in peace my sweet unnamed angel, Mommy wishes she had been wiser.”
Or maybe the hacker noticed you are male and decided to post this instead:
“I don’t know how to tell my Dad that I am gay. I cannot change who I am, but I don’t think he will accept me as his son anymore.”
Now imagine that Annitah Kui is a smart-ass frenemy from all the way back in high school. Perhaps because of that boy she liked but who ended up hitting on you and not her. How many people, family or friends, do you estimate she’ll have told to check your timeline by the time you find that notification? What if Johnnie De Byadbouy is not just a bad boy but a mouthy one too, and he goes about telling everyone about that post? More importantly, how many people do you think will entirely believe that your account was hacked even after you explain? This is a competitive society where everyone is ready to believe the worst about the next person. It simply makes them feel better about themselves. When you give people fodder for rumour, expect tongues to start wagging. It totally sucks when it’s your name that’s on everyone’s tongue, and not in a positive way. So be careful whenever you log in to (and, as you’ll see below, also log out of) any of your online accounts, be it Facebook, Yahoo, GMail, Twitter, Instagram, etc.
The question that most of us are not able to answer even after our accounts have been hacked is: How did it happen? How was anyone able to guess my password? First off, in some cases, one doesn’t need to know your password to access your account. Surprise! I’ll explain why this is so by listing some of the most common ways your account can be hacked.
- When filling in their username and password, some of us tick the ‘Remember Me’ or ‘Keep me logged in’ checkbox, see image below. What this does is that, even after you log out, your username/email and password fields will ALWAYS be filled in at the login screen, as shown in the picture. If a stranger gets their hands on the computer you were using, all they need to do is click “Log In”. Voila! A stranger is now logged in to your account. You’ve been hacked, my friend! In this case, the person does not need to know anything about you prior to the hack; you are the one helping him hack your account.
- A slightly different, but more dangerous, way in which you may be exposing yourself to hacking is by saving your passwords on the computers you use, see image below. Most of the time when you click “Log in” on any website, your browser brings up a pop-up window asking you to choose whether to remember your password or not. If you have ever selected “Remember Password” on any computer that is not your personal computer, I’d advise that you go and change that password right now. Why? Because anyone who can access that computer can see both your username and password, and can use this information to either log in to your account from any other computer in the world, or completely change your password and the password recovery information so that you can never log in to or recover that account again. In short, if someone has both your password and username, they can take over your account in such a way that you cannot even reset the password. And just like that your beloved Facebook or Twitter account is gone for good.
- Would you like the browser to remember the password for this account? No please, I don’t like being hacked.
- If you select ‘Remember Password’ in the pop-up window shown above, your password and username will be saved somewhere in the browser as shown in the following picture. This is how a browser, e.g. Mozilla, saves usernames and passwords whenever you tell it to remember a password. Anyone using the computer can therefore access your account by checking the username and corresponding password. (Parts of the passwords have been blanked for the sake of the clueless owners.)
- A totally different approach to hacking is what is known as ‘social engineering’. Social engineers rely on the ever-growing trend to socialise with strangers online. A social engineer will first send you a friend request, then perhaps comment on your picture or status update; an inbox message may then follow. Before you know it, the two of you are chatting back and forth like old friends. After establishing this rapport, the hacker posing as a friend will then find ways to extract private information from you without arousing suspicion. Unless you are really careful, you won’t notice, because the hacker is experienced; they know how to make their questions appear like part of the natural conversation that the two of you are having. The information he gets from you can then be used to either make an informed guess of your password or, alternatively, to reset your password by answering the secret questions which you selected when you created your account. For your information, social engineering is not confined to social media alone. You can also be socially engineered via email, LinkedIn, or any other online accounts you own. This is sometimes called phishing, depending on how it’s done.
- There is also another hacking technique you have commonly seen in movies; we will call it brute force. A hacker simply guesses your password as many times as he can until he gets it right. You might be thinking, “But that’s impossible!” Well, think again. There are computers and computer programs designed specifically for this kind of hacking. When you use a simple dictionary word or a number as your password, you are very vulnerable to brute force hacking. A hacker’s computer program will simply keep guessing the words in the dictionary until it finds the right password for your account. It can also guess any combination of letters, numbers and any other symbols you may have included in your password. Theoretically, this kind of attack can crack any static password given enough time. Luckily for us all, this kind of hack only works for small passwords or those which can be found in the dictionary. You can therefore avoid a brute force attack by creating a strong password of more than 8 characters including numbers and symbols. Passwords like love, money, 1234, password and so on should therefore be avoided if you want to be able to withstand a brute force attack.
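The password rule in the last item above, as an added example that is not part of the original post: a short Python check that flags what the rule warns about and estimates the most guesses an exhaustive search would need. The wordlist is constructed from the weak passwords the post names, and the guessing rate is an assumed figure for illustration.

```python
import string

# Constructed sample wordlist: the weak passwords named in the post.
COMMON_WORDS = {"love", "money", "1234", "password"}
# Assumed guessing rate, for illustration only; real rates vary widely.
GUESSES_PER_SECOND = 1_000_000_000
KNOWN = string.ascii_letters + string.digits + string.punctuation


def charset_size(password):
    """Smallest alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    # Anything else (spaces, non-ASCII) is counted once per distinct character.
    return size + len({c for c in password if c not in KNOWN})


def check_password(password):
    """Return the list of rule violations; an empty list means the rule is met."""
    problems = []
    if password.lower() in COMMON_WORDS:
        problems.append("dictionary word")
    if len(password) <= 8:
        problems.append("8 characters or fewer")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    return problems


def worst_case_seconds(password):
    """Upper bound on guessing time at the assumed rate."""
    if password.lower() in COMMON_WORDS:
        # A wordlist is tried first, so the whole list is the worst case.
        return len(COMMON_WORDS) / GUESSES_PER_SECOND
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for pw in ("love", "abcdefgh", "Tr1cky#Horse!92"):  # constructed samples
        print(pw, check_password(pw), f"{worst_case_seconds(pw):.3g} s")
```

Eight lowercase letters fall in a few minutes at the assumed rate, while the longer mixed password pushes the upper bound far beyond a human lifetime.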
The first two hacks can only be used by someone who has access to a computer you have previously used; this can be a cyber-cafe in your estate or a computer lab in your school. But the last two can be used by pretty much anyone, even from their basement somewhere in Slovakia. This post only sheds light on the simple hacks that can be used against you. In the next posts, I’ll tell you how to avoid each one of them and how to be generally safer online. We’ll start with the first two: click here to see how to avoid those two hacks.