Saturday, June 16, 2012

Security alert: Email accounts under attack

Here is an article I wrote for AYSO, but it applies to everyone. Since many close friends and family have been hacked recently, I'm posting it again here. Yahoo email accounts (and thus Pacbell and ATT too) seem particularly vulnerable. I think there is some fundamental flaw in Yahoo email security that has yet to be discovered and fixed by Yahoo.

Please read and take action!

------------

Email account hacking is an epidemic that is affecting just about everyone. If you haven't been hacked yet, review your security measures to make sure your account is hacker-proof.

If your email account is broken into, your account will be used to send dangerous or misleading spam emails to all your friends. Your email archives and address books may be deleted. Your stored emails may reveal sensitive information about you as well as others that can be used to break into other accounts owned by you and your friends. All of your other accounts and your friends' accounts will be attacked using the information in your email archives.

From interviewing many of the people whose accounts were hacked, the most common theme is passwords that were less than 10 characters long -- often just 8 characters. It is also possible their computers were infected, but most had up-to-date antivirus software. Some had old operating systems or browsers.

All AYSO volunteers should do their part to keep AYSO information safe and secure by using strong passwords for their email and AYSO accounts and ensuring their computers are secured and kept safe. This will protect your own personal information as well!!

Some key tips:
1) Keep your computer(s) malware-free by using good virus protection software and only installing software from safe sources.
2) Keep your operating system and web browsers current with the latest releases that have had security holes patched.
3) Do NOT click on links to suspicious sites. Those sites may be able to attack your computer simply by visiting them.
4) Never have your web browser save your passwords. This stores passwords in insecure locations where malware can get them.
5) Use different strong passwords for every account you have.

What is a strong password?

Strong passwords:
1) are long -- ideally 16 characters or more (sentences can be memorable strong passwords);
2) use many different characters -- upper and lower case letters, numbers, and even punctuation or other special characters;
3) are unique -- use a different password for each account (so if one account is compromised that password cannot be used to break into other accounts);
4) are hard to guess -- not something that is easily discovered about you like your dog's name or your mother's maiden name -- which also means you should treat your security questions just like passwords (!);
5) are changed periodically.
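To make the list above concrete, here is a small checker I am adding to this post (it is not from any product or from the original AYSO article). It scores a candidate password against criteria 1, 2 and 4 and flags reuse (criterion 3). The 16-character minimum, the "at least three character classes" rule and the personal-information list are my own assumptions; the bit estimate assumes every character was picked at random, so it overstates the strength of a dictionary word or an ordinary sentence.

```python
import math
import string

# Character classes and the size of each pool. The pool sizes feed a rough
# "how many guesses would this take" estimate (assumes each character was
# chosen at random, which overstates the strength of a word-based password).
CLASS_POOLS = {
    "lowercase": (set(string.ascii_lowercase), 26),
    "uppercase": (set(string.ascii_uppercase), 26),
    "digits": (set(string.digits), 10),
    "symbols": (set(string.punctuation + " "), 33),
}

MIN_LENGTH = 16   # assumption, matching "ideally 16 characters or more"
MIN_CLASSES = 3   # assumption, matching "use many different characters"


def character_classes(password):
    """Names of the character classes that appear in the password."""
    return {name for name, (chars, _) in CLASS_POOLS.items()
            if any(ch in chars for ch in password)}


def estimated_bits(password):
    """Upper-bound entropy in bits: length * log2(size of the pool actually used)."""
    used = character_classes(password)
    pool = sum(size for name, (_, size) in CLASS_POOLS.items() if name in used)
    if not password or pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def personal_info_hits(password, personal_terms):
    """Personal terms (dog's name, maiden name, birth year, ...) found inside the password."""
    lowered = password.lower()
    return sorted(t for t in personal_terms if len(t) >= 3 and t.lower() in lowered)


def assess(password, personal_terms=(), passwords_in_use=()):
    """Return the entropy estimate, the classes used and a list of problems found."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"too short: {len(password)} characters, want {MIN_LENGTH}+")
    classes = character_classes(password)
    if len(classes) < MIN_CLASSES:
        problems.append("uses only " + ", ".join(sorted(classes)) + " characters")
    hits = personal_info_hits(password, personal_terms)
    if hits:
        problems.append("contains guessable personal information: " + ", ".join(hits))
    if password in passwords_in_use:
        problems.append("already used for another account")
    return {
        "bits": round(estimated_bits(password), 1),
        "classes": sorted(classes),
        "problems": problems,
    }


if __name__ == "__main__":
    # Constructed sample inputs: a made-up pet name, surname and birth year.
    personal = ["Rover", "Smith", "1975"]
    for candidate in ["Rover1975", "correct horse battery staple", "Blue!Kettle9-sings@Dawn"]:
        print(candidate, "->", assess(candidate, personal))
```

Run it and compare the three constructed candidates: the 9-character pet-name-plus-year password lands around 54 bits and trips two rules, the four-word sentence is long but flagged for using only lowercase letters and spaces, and the 23-character mixed password passes cleanly at roughly 151 bits.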

If you have more than 2-3 passwords, doing the above and remembering them is challenging.

Many of us have a dozen or more online accounts between email, AYSO, banks, credit cards, Facebook, and more. How can you remember many different strong passwords for each of these accounts? You could write them down on a piece of paper, but if you do please store it securely and make a copy (backup) in case you lose it. A better solution is to use a password manager to handle your strong passwords so you just need to remember one password -- for the password manager itself. One of the best password managers is LastPass (https://LastPass.com).

LastPass can remember all of your passwords and it also:
1) enters web usernames and passwords automatically so you don't have to type them (saves you significant typing and mistyping);
2) generates strong passwords of any length;
3) backs itself up automatically to a secure location so your passwords are available to you (and only you) on as many computers as you wish (even if your computer is stolen);
4) prevents phishing/spoof attacks by distinguishing valid websites (where it is safe to enter passwords) from invalid ones;
5) is your safe deposit box in the sky for other critical but sensitive bits of information (account numbers, PINs, combinations, etc);
6) is itself very secure (reviewed by many independent security experts and companies); and
7) is free and easy to use!!
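Item 2 above (generating strong passwords of any length) is easy to get wrong by hand, so here is an added example of how a generator should do it. This is my illustration, not LastPass code: it draws from the operating system's cryptographic random source via Python's `secrets` module (never the ordinary `random` module), optionally insists on every character class being present, and can also build a word-based passphrase. The 32-word list is constructed for the demo; a real generator uses a list of thousands of words.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 characters
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

# Constructed 32-word sample list (5 bits per word). A real generator uses thousands of words.
WORDS = ("acorn beacon cactus dolphin ember falcon garnet harbor island jaguar kettle lantern "
         "meadow nectar orchid pebble quartz river saddle timber umbrella velvet walnut yarrow "
         "zephyr anvil bramble cinder drift echo fossil glacier").split()


def random_password(length=20, alphabet=ALPHABET):
    """Uniformly random password drawn with the OS CSPRNG (secrets), not random.choice."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_password_all_classes(length=20):
    """Like random_password, but reject candidates missing a class.

    Rejection sampling keeps the result uniform over all accepted strings, unlike
    the common trick of forcing one character per class into fixed positions.
    """
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    while True:
        candidate = random_password(length)
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def passphrase(n_words=6, words=WORDS, separator="-"):
    """Memorable passphrase: n_words independent uniform picks from the word list."""
    if n_words < 1:
        raise ValueError("n_words must be positive")
    return separator.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(pool_size, count):
    """Bits of entropy for `count` independent uniform picks from `pool_size` options."""
    return count * math.log2(pool_size)


if __name__ == "__main__":
    print(random_password_all_classes(20), "~%.1f bits" % entropy_bits(len(ALPHABET), 20))
    print(passphrase(6), "~%.1f bits" % entropy_bits(len(WORDS), 6))
```

The entropy figures show why the word list size matters: twenty characters from a 94-character alphabet give about 131 bits, while six words from this toy 32-word list give only 30 bits, so a passphrase built from a short list needs far more words (or a far longer list) to match a random character string.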

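Item 4 above works because a password manager ties each saved password to the site where it was saved and only offers it back on that site, which is something a human skimming an address bar cannot do reliably. The following is an added example of that idea (mine, not LastPass code, and not a description of how LastPass itself decides): a strict scheme/host/port comparison, so a look-alike host name or an unencrypted copy of the login page gets nothing. The vault entries and URLs are constructed.

```python
from urllib.parse import urlsplit


def origin(url):
    """(scheme, host, port) of a web URL; ValueError for anything that is not http(s) with a host."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not a web origin: {url!r}")
    # parts.port raises ValueError on a malformed port, which the caller treats as "no match".
    port = parts.port if parts.port is not None else (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname, port)   # hostname is already lower-cased by urlsplit


# Constructed vault: the origins where the user originally saved each credential.
VAULT = {
    origin("https://login.example.com/"): ("alice", "stored-password-1"),
    origin("https://bank.example.org/account"): ("alice", "stored-password-2"),
}


def credentials_for(page_url, vault=VAULT):
    """Offer a saved credential only when the page's origin exactly matches where it was saved."""
    try:
        return vault.get(origin(page_url))
    except ValueError:
        return None


if __name__ == "__main__":
    for url in ["https://login.example.com/signin?next=/inbox",
                "https://login.example.com.example.net/signin",
                "http://login.example.com/signin"]:
        print(url, "->", credentials_for(url))
```

Only the first of the three sample pages gets a credential: the second has a host that merely starts with the saved name, and the third is the plain-http version of the saved https origin. Exact origin matching is stricter than what some managers use (many match on the registered domain so that sub-sites share a login), but it is the safe default to reason from.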
For additional password managers and safe computing practices, please read:
http://www.pcworld.com/article/208113/best_password_managers_top_4_reviewed.html
and
http://www.consumerreports.org/cro/2012/01/hack-proof-your-passwords/index.htm

Thanks for doing your part to protect yourself and your AYSO team!