Account Security
How Do Accounts Get Compromised?
These are the three most common ways:
- You give someone access to your account (your password) and they misuse or share it.
- Phishing: Tricking you into logging in to a fake site that looks like the real one, but actually steals your login info.
- Scams: Tricking you into giving your login info. For example, by promising free stuff.
- Social Engineering: Finding out the answers to your recovery questions.
- Ex: Your birthday and pet's name are not very good recovery questions, if that information is publicly available through Facebook.
- Often this information is found out by first hacking one of your other online accounts.
- For example, maybe you use the same password (or variants) or recovery information for multiple accounts.
- You have an easy-to-guess password.
- like "password" or "p@ssw0rd" or "p@5%w)rd!23", or anything based on a single english word
- Anything based on a name.
- Anything based on personal information.
- Any phrases or quotes that could be found online.
How Can I Protect My Account?
- Don't give others your login info. If they must get access, log them in yourself, watch them while they're using the account, and log them out when they're done.
- Even if they are trustworthy and have good intentions, they might accidentally compromise your info. Each other person who knows your login info is another place that your account could get compromised.
- [Phishing] Always check what site you are on before you type your password. Look at the URL in your browser's address bar. Is it the URL of the site you thought you were on?
- If you set your browser to remember your passwords, it will do this check for you each time it enters a password, so you only have to check when you enter it for the first time.
- [Scams] See #1: Don't give out your login info. Period.
- [Social Engineering] Think before you share personal info online. Only share a minimum of personal information, with as few people as possible.
- Use different login info for each of your accounts.
- Use strong passwords.
Use Master Password for passwords
Strong passwords can be hard to remember, especially when you have a lot of different ones. But the best security practices say you should do exactly that! Master password makes that easy: all you need to do is remember your name and one master password, and Master Password will take care of the rest.