Thursday, November 26, 2009

How to prevent and handle Email ID / password thefts?

Unscrupulous people could gain access to your Email ID and password and later misuse them, causing you monetary loss or embarrassment. We need to know how thieves obtain this information, how a stolen password may be used, and how to prevent password theft.

How do cyber crime thieves get at this sensitive info?

You may carelessly leave it in your wallet, or note it in some text file on your disk. You might have noted down such IDs and passwords in a diary that lies unguarded in your house. You may read it aloud over a mobile phone to your son, daughter or a trusted friend, asking them to access your mail account for some urgent message. Anyone who overhears, especially those who manage paid phone booths, will be clever enough to jot it down. You may transmit it via email to some friend.

You might be using your Email on a public PC, say in a cyber cafe. The PC in the cyber cafe may have a simple program called a "keyboard logger" installed. This program captures everything that you type and everything displayed by any program running on the PC, and stores it in a hidden file. Analyzing the contents of that hidden file immediately after you leave will easily reveal your user IDs and passwords.

You may be signing up with a number of social networks, websites etc. that ask for a UserID and password. These are sent back to you for verification via Email. If you use Outlook, Pico, Thunderbird etc. as your mail client, Email messages are kept on your hard disk as text or in some other retrievable form. Scrutinizing such files will yield a good number of your passwords. Thereafter, hacking your Email password becomes much simpler.

Many social networking sites ask you to enter your Yahoo / Hotmail / Gmail UserID and password. Their idea is to help you automatically invite all your contacts to become your friends on that network. Often the system shows you all your contacts and asks you to choose whom you would like to invite. Facebook, Sulekha and Rediff are some examples. There is no guarantee that a) your email ID and password and b) the contact lists that are downloaded and displayed are not intercepted and misused. It is very easy for robots to snoop around social networks and capture unauthorized data.

Recently I allowed Sulekha to access and upload all my blog posts from my Blogger (Google) account, little realizing that the same password is used for gaining access to all Google services including Gmail. Uploaded blog posts appeared on the Sulekha site for a few hours but later disappeared totally. When I realized some damage was being done, I quickly changed all my passwords.

How do people put a stolen password to misuse?

Once a thief gets your password, it is very easy to cheat or impersonate you. Orders for products and services may be placed online or via email, with delivery to the thief's own address on a COD / VPP basis. He might send fake email requests for urgent help to your friends via some Yahoo or Google Group of which you are a member. One such message usually says that you are out of the country, your wallet has been stolen, you are stranded in some hotel and you need some money transferred urgently to you c/o the hotel manager. This is bogus and fake.

Some tips to prevent the situation:

1. Never leave your password unguarded anywhere: in diaries, slips, purses etc.
2. Never say it aloud over the phone. If you must, change it as soon as your work is over.
3. Never store your passwords on a hard disk that may be accessed by others.
4. Be wary of any use in cyber cafes. Delete history, temporary internet files etc. after your use.
5. Be careful about what you store on your pen drives - especially copies of email messages in text format.
6. Use a password for important applications that is quite different from those you use to sign up at the many "altu faltu" sites. Make the passwords very difficult to break or even guess.

How to choose a good password - A suggestion

I wish to suggest a simple way to assign passwords and also remember them. I suggest that you write out a longish proverb or quotation in your vernacular language and transliterate it into English.

For example, read the following tongue twister transliterated from Tamil: KadalOrathileOrural, uruludhu peraludhu (meaning: a stone mortar on the sea shore is rolling and re-rolling). From the transliterated phrase choose, say, any nine characters in sequence. Suppose you choose nine letters starting from the sixth character (6,9); you will get "OrathileO". This is your password. Just remember the phrase and 69 to recollect the correct password. The password is not easy to guess. It is a mixture of lowercase and uppercase. It does not resemble any known dictionary word. The phrase itself is something that you normally cherish and remember. You may change the password easily any number of times from the same phrase by choosing some other sequence of characters.
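
The selection rule above, written out as an added example (not part of the original post). It reproduces the post's (6,9) selection and estimates how many guesses the result resists, first when the phrase is private and then when someone already knows it; the function names and the 52-letter alphabet are assumptions made for this illustration.

```python
import math
import string

# The transliterated phrase used in the post's own example.
PHRASE = "KadalOrathileOrural, uruludhu peraludhu"

def derive_password(phrase, start, length):
    """Return `length` characters of `phrase` beginning at 1-based `start`."""
    if start < 1 or length < 1 or start - 1 + length > len(phrase):
        raise ValueError("selection falls outside the phrase")
    return phrase[start - 1:start - 1 + length]

def character_classes(password):
    """Name the character classes that occur in the password."""
    checks = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit}
    found = {name for name, test in checks.items()
             if any(test(c) for c in password)}
    if any(c in string.punctuation or c.isspace() for c in password):
        found.add("symbol")
    return found

def candidates_if_phrase_known(phrase, length):
    """Count the distinct passwords of this length the scheme can yield."""
    return len({phrase[i:i + length]
                for i in range(len(phrase) - length + 1)})

def strength_bits(phrase, length, alphabet_size=52):
    """Return (bits while the phrase is private, bits once it is known).

    The first figure is an upper bound: it treats every letter as an
    independent random choice from upper- and lowercase a-z (assumption).
    """
    private = length * math.log2(alphabet_size)
    known = math.log2(candidates_if_phrase_known(phrase, length))
    return round(private, 1), round(known, 1)

if __name__ == "__main__":
    pw = derive_password(PHRASE, 6, 9)
    print(pw, sorted(character_classes(pw)))
    print(strength_bits(PHRASE, 9))
```

The gap between the two figures shows that the strength of the password rests on keeping the phrase itself private, not only the two numbers.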

I hope you have trouble-free Internet interactions with no password compromise at any time.

==================

1 comment:

  1. Several days ago I changed my outlook password and went to a native city. But I came back and first of all wanted to check new emails. And I saw an error. Luckily I quickly called my friend and he told me that my password had been crashed. He recommended me - 2003 pst password remover. To my surprise it finished my suffering quite fast.
