In the previous post, we looked at some of the simplest ways through which our online accounts can be hacked. I promised to tell you how to avoid those hacks, and I am fulfilling that promise with this article, so read on.
Let me start by saying that both malicious and unauthorised hacking are crimes. Therefore, unless you hang out with criminals, hackers are not your friends. And as with any enemy, you need to first know how to protect yourself and then master the skills to make sure you are safe from hackers. Hackers are of many different types; some of them do not even know that what they are doing is actually hacking. Nevertheless, when you suspect you are being hacked, it is best to assume the worst. Change your passwords or format your computer if you fear that your security has been compromised. Formatting your computer may sound too extreme, but in the end, this may be more acceptable than letting someone have access to all your private information, both on your hard disk and online.
There are a number of counter-measures you can put in place to keep hackers at bay and secure your online accounts. Here I explain a simple trick you can use to make sure a hacker cannot access any of your browsing information. Take note that this method only protects your online accounts. To protect data on your hard disk, consider using password-protected folders, data encryption software, etc.
Clearing your tracks on public computers.
This is a must-do if you ever use public computers, e.g. in a cyber-cafe, computer lab or library. It takes care of the first two hacks described in the previous article. Basically, it clears all of your details from the browser, including your browsing history, cookies and cache. Sample this scenario: Have you ever tried logging out online and there’s suddenly no internet connection? Were you in too much of a hurry to wait for the connectivity to return and so decided to just leave your account logged in, hoping that the next person would log you out? Well, there’s a simple tip you were missing. If you had done this, all your browsing history, usernames and passwords would have been deleted so that no one could access your account without first entering both the correct username and password. Here’s how to do it:
- From your browser window, press Alt+Ctrl+Delete. The following window will appear:
- Click on the button to the left of the Details label. Make sure all the check-boxes are ticked on the drop-down menu that appears. What you have done is told the browser to delete everything it has remembered about your browsing history.
- Specify the time frame within which you want the browser to clear its history. To do this, click on the wide button to the right of the label named Time range to clear. You will see a drop down menu that looks like this:
- If you have been browsing for about 3 hours, you can select Last Four Hours. The browser history will then be deleted for the last four hours from the moment you click Clear Now. In case you can’t remember at what time you started browsing, then you can opt to clear all history for Today.
- The final step, if you haven’t already guessed, is to click Clear Now. You are now safe: the computer no longer knows any of your passwords, usernames, browsing history, etc.
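One way to confirm that the steps above left nothing behind, as an added example that is not part of the original post: the script counts what remains in a browser profile folder. It assumes a Firefox profile (the file and table names are Firefox's), should be run with the browser closed, and builds a constructed sample profile so it runs offline.

```python
import json
import sqlite3
import tempfile
from pathlib import Path

# label -> (file, table). Assumption: a Firefox profile folder.
SQLITE_STORES = {
    "history": ("places.sqlite", "moz_historyvisits"),
    "cookies": ("cookies.sqlite", "moz_cookies"),
    "form data": ("formhistory.sqlite", "moz_formhistory"),
}

def count_rows(db_path, table):
    """Row count of one table (opened read-only), or 0 if the file is absent."""
    if not db_path.exists():
        return 0
    con = sqlite3.connect(db_path.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        return con.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
    finally:
        con.close()

def leftover_data(profile_dir):
    """Return {label: count} for every store that still holds entries."""
    profile = Path(profile_dir)
    found = {label: count_rows(profile / fname, table)
             for label, (fname, table) in SQLITE_STORES.items()}
    logins_file = profile / "logins.json"
    if logins_file.exists():
        saved = json.loads(logins_file.read_text(encoding="utf-8"))
        found["saved logins"] = len(saved.get("logins", []))
    return {label: n for label, n in found.items() if n}

def build_sample_profile(cleared):
    """Constructed stand-in for a profile before or after clearing."""
    profile = Path(tempfile.mkdtemp())
    for fname, table in SQLITE_STORES.values():
        con = sqlite3.connect(profile / fname, isolation_level=None)
        con.execute(f"CREATE TABLE {table} (item TEXT)")
        if not cleared:
            con.execute(f"INSERT INTO {table} VALUES ('mail.example')")
        con.close()
    logins = [] if cleared else [{"hostname": "https://mail.example"}]
    (profile / "logins.json").write_text(json.dumps({"logins": logins}))
    return profile

if __name__ == "__main__":
    for cleared in (False, True):
        print(cleared, leftover_data(build_sample_profile(cleared)))
```

Firefox keeps saved passwords in logins.json, separately from browsing history, so a non-zero "saved logins" count means they still need to be removed in the browser's saved-passwords manager.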
This is a very simple thing to do, but it is very effective. I would advise you to use it on your personal computer too, especially if you help many people with your laptop. The weakness of this protective measure is the human factor: it relies on your ability to remember to clear the history every time you use a public computer. But I hope you care enough about your privacy to always take time to clear your browsing history each time you use a shared computer. Here is a list of things you can also do for the sake of being extra careful:
- Whenever you are logging in to any website, make sure that the ‘Keep me logged in’ or ‘Remember me’ check-box is not ticked.
- Before closing any browser tab or window, make sure that you have logged out of any website you had logged in on that tab or window.
- Refuse or cancel any requests by the browser to remember any of your information: passwords, history, form data, etc. If you need the browser to remember anything, then save it yourself as a bookmark. The Tags section of bookmarks can be used to save more information relating to the bookmark.
- Ensure that you have a current, updated antivirus installed on your computer. Viruses can be used to collect and send your private information to hackers without your knowledge. A good antivirus can protect you.
- Always ensure that you clear your browsing history on any browser after browsing on a public or shared computer. You should now be able to do this after reading the procedure above.
We’ve all had one of our online accounts hacked at least once. If not, then we know someone who has. Sometimes it happens because of bad luck, but many a time it’s because we are careless and go around leaving our passwords in every computer we use to log in to our accounts. Today I’ll teach you a few simple things you can do to make sure your passwords remain private and that no one can access your account without your explicit permission and knowledge. But first let me ask, do you know how hackers manage to log in to your account? Well, there are many ways really, and we certainly cannot look at all of them here. However, people who hack social sites are more often than not small time hackers. As such they use simple hacks which we can anticipate and effectively counter.
A quick word of caution though: just because these hackers do not have a plethora of technical skills at their disposal does not mean that they are not a real threat. Someone can find a way to cause real damage to your social image, professional profile, personal relationships or crucial banking information just by accessing your email or Facebook account. Imagine logging in to your Facebook account and finding a notification that Annitah Kui SmartAss, Johnnie De Byadbouy Popcan and 23 other people commented on your post. So you click on the link and you find that a hacker used your account to post this on your timeline:
“Forgive me Lord, I’ll never abort another child. Rest in peace my sweet unnamed angel, Mommy wishes she had been wiser.”
Or maybe the hacker noticed you are male and decided to post this instead:
“I don’t know how to tell my Dad that I am gay. I cannot change who I am, but I don’t think he will accept me as his son anymore.”
Now imagine that Annitah Kui is a smart-ass frenemy from all the way back in high school. Perhaps because of that boy she liked but who ended up hitting on you and not her. How many people, family or friends, do you estimate she’ll have told to check your timeline by the time you find that notification? What if Johnnie De Byadbouy is not just a bad boy but a mouthy one too, and he goes about telling everyone about that post? More importantly, how many people do you think will entirely believe that your account was hacked even after you explain? This is a competitive society where everyone is ready to believe the worst about the next person. It simply makes them feel better about themselves. When you give people fodder for rumour, expect tongues to start wagging. It totally sucks when it’s your name that’s on everyone’s tongue, and not in a positive way. So be careful whenever you log in to (and, as you’ll see below, also log out of) any of your online accounts, be it Facebook, Yahoo, GMail, Twitter, Instagram, etc.
The question that most of us are not able to answer even after our accounts have been hacked is: How did it happen? How was anyone able to guess my password? First off, in some cases, one doesn’t need to know your password to access your account. Surprise! I’ll explain why this is so by listing some of the most common ways your account can be hacked.
- When filling in a username and password, some of us enable the ‘Remember Me’ or ‘Keep me logged in’ checkbox, see image below. What this does is that even after you log out, your username/email and password fields will ALWAYS be filled in at the login screen as shown in the picture. If a stranger gets their hands on the computer you were using, all they need to do is click “Log In”. Voila! A stranger is now logged in to your account. You’ve been hacked, my friend! In this case, the person does not need to know anything about you prior to the hack; you are the one helping him hack your account.
- A slightly different, but more dangerous way, in which you may be exposing yourself to hacking is by saving your passwords in the computers you use, see image below. Most of the time when you click “Log in” in any website, your browser brings a pop-up window asking you to choose whether to remember your password or not. If you have ever selected “Remember Password” in any computer that is not your personal computer, I’d advise that you go and change that password right now. Why? Because anyone who can access that computer can see both your username and password, and can use this information to either log in to your account from any other computer in the world, or completely change your password and the password recovery information so that you can never log in to or recover that account again. In short, if someone has both your password and username, they can take over your account in such a way that you cannot even reset the password. And just like that your beloved Facebook or Twitter account is gone for good.
- Would you like the browser to remember the password for this account? No please, I don’t like being hacked.
- If you select ‘Remember Password’ in the pop-up window shown above, your password and username will be saved somewhere in the browser as shown in the following picture. This is how a browser, e.g. Mozilla, saves usernames and passwords whenever you tell it to remember a password. Anyone using the computer can therefore access your account by checking the username and corresponding password. (Part of the passwords have been blanked for the sake of the clueless owners.)
- A totally different approach to hacking is what is known as ‘social engineering’. Social engineers rely on the ever-growing trend to socialise with strangers online. A social engineer will first send you a friend request, then perhaps comment on your picture or status update; an inbox message may then follow. Before you know it, the two of you are chatting back and forth like old friends. After establishing this rapport, the hacker posing as a friend will then find ways to extract private information from you without arousing suspicion. Unless you are really careful, you won’t notice, because the hacker is experienced; they know how to make their questions appear like part of the natural conversation that the two of you are having. The information he gets from you can then be used to either make an informed guess of your password or, alternatively, to reset your password by answering the secret questions which you selected when you created your account. For your information, social engineering is not confined to social media alone. You can also be socially engineered via email, LinkedIn, or any other online accounts you own; this is sometimes called phishing, depending on how it’s done.
- There is also another hacking technique you have commonly seen in movies; we will call it brute force. A hacker simply guesses your password as many times as he can until he gets it right. You might be thinking, “But that’s impossible!” Well, think again. There are computers and computer programs designed specifically for this kind of hacking. When you use a simple dictionary word or a number as your password, you are very vulnerable to brute force hacking. A hacker’s computer program will simply keep guessing the words in the dictionary until it finds the right password for your account. It can also guess any combination of letters, numbers and any other symbols you may have included in your password. Theoretically, this kind of attack can crack any static password given enough time. Luckily for us all, this kind of hack only works for small passwords or those which can be found in the dictionary. You can therefore avoid a brute force attack by creating a strong password of more than 8 characters including numbers and symbols. Passwords like love, money, 1234, password and so on should therefore be avoided if you want to be able to withstand a brute force attack.
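The rule in the brute-force item above (no dictionary words, more than 8 characters, numbers and symbols) written as a check you can run on a candidate password. This is an added example, not part of the original post; the wordlist is a small constructed sample and the rate of one billion guesses per second is an assumption.

```python
import string

# Constructed sample wordlist; a real check would load a much larger list.
COMMON_WORDS = {"love", "money", "password", "1234", "dragon", "letmein"}
GUESSES_PER_SECOND = 1e9  # assumed guessing rate, for illustration only
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
# Undo common character substitutions such as p@ssw0rd -> password.
UNLEET = str.maketrans("@4310$5!7", "aaeiossit")

def is_dictionary_based(password):
    """True if the password is a listed word or a simple variation of one."""
    lowered = password.lower()
    trimmed = lowered.rstrip(string.digits + string.punctuation)
    candidates = {lowered, trimmed,
                  lowered.translate(UNLEET), trimmed.translate(UNLEET)}
    return any(c in COMMON_WORDS for c in candidates)

def exhaust_seconds(password):
    """Worst-case time to try every password of this length and alphabet."""
    alphabet = sum(len(p) for p in POOLS if any(ch in p for ch in password))
    try:
        return alphabet ** len(password) / GUESSES_PER_SECOND
    except OverflowError:  # search space too large to express as a float
        return float("inf")

def assess(password):
    """List the ways a password breaks the article's rule (empty = ok)."""
    problems = []
    if is_dictionary_based(password):
        problems.append("dictionary word or simple variation")
    if len(password) <= 8:
        problems.append("8 characters or fewer")
    if not any(ch in string.digits for ch in password):
        problems.append("no numbers")
    if not any(ch in string.punctuation for ch in password):
        problems.append("no symbols")
    return problems

if __name__ == "__main__":
    for pw in ["love", "1234", "Money1!", "p@ssw0rd", "k7#Vq2!mZr9x"]:
        print(f"{pw!r}: {assess(pw) or 'ok'}; "
              f"full search ~{exhaust_seconds(pw):.3g} s")
```

Note that "p@ssw0rd" contains a number and a symbol yet is still flagged, because swapping characters in a dictionary word does not take it out of the dictionary.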
The first two hacks can only be used by someone who has access to a computer you have previously used; this can be a cyber-cafe in your estate or a computer lab in your school. But the last two can be used by pretty much anyone, even from their basement somewhere in Slovakia. This post only sheds light on the simple hacks that can be used against you. In the next posts, I’ll tell you how to avoid each one of them and how to be generally safer online. We’ll start with the first two: click here to see how to avoid those two hacks.