More Ways To Stay Safe
Posted by Hahli Husky, Jun 23 2010
BZP keep your shirt on hackerz
6/23/10: Bumping because it's somewhat relevant.

For a while, I've been wanting to share some measures of staying safe and keeping any of your accounts safe on these scary interwebs. This is stuff I've picked up over many years, and after helping friends who have had their accounts hacked and stolen. After the recent hackings on BZP, now is as good a time as any.
~ Safe password
Okay, yeah, this is a given. The password advice provided here is a very excellent place to start. But I know so many people who read the advice and put off changing their password to something safer. Which brings me to my first point:
1. Care about the problem even when it's not an active concern! So maybe some features are disabled on BZP or it may be a while before someone gets hacked again. The point is, it CAN and MAY happen again. You lock your doors even if there hasn't been a robbery on your street in a long time, right? (If not, seriously consider it, lol.) If your password is unsafe or too simple, CHANGE IT NOW. Don't finish reading this, don't answer the phone, don't finish your sushi before you fix your password! If you suspect your password is unsafe, but aren't sure, change it anyway. If you don't know whether the lunchmeat has gone bad or not, THROW IT OUT. Better than puking your guts out later.
2. Getting your account hacked will not be just your problem. Whoever the hacker messages under your name will be affected. Whoever runs into the spam topics they post will be affected. So don't sit there thinking "Oh, if my account gets hacked, it's no problem for me. I won't mind." Make sure your password is safe.
3. Don't share your password with anyone. I can't believe I have to say this. But seriously, I know people who text message me things like, "Can you login to my account to delete that thing/check my messages/do this for me? My username is Schmo and my password is Puppies." My answer is usually "No, and change your password." Sometimes, though, there may be an emergency. One time at work, I texted something private to Twitter by mistake. Since I was nowhere near a computer, I asked my boyfriend to delete it. As soon as I got home I changed my password. This doesn't mean I suspect my boyfriend is going to take my Twitter account. This is just a practice for me. I would do it even if I had shared my password with my mother. If you HAVE to share it, change it as soon as you can.
4. Don't keep a file of your passwords on any computer. Even if the file is password-protected. Don't even go there. Buy yourself a little notebook, write them down in there, and keep the notebook out of sight and away from high-traffic areas. Trying to hide it in an obscure location, however, will increase your chances of it being read by someone else in your home.
5. Have unique passwords for high-risk websites. This means bank websites, email, BZP, and any other commonly-hacked site or site containing sensitive information.
"But I could never remember so many passwords!"
Suck it up and keep a notebook!! I have the worst memory in the world. It's probably worse than yours. If you care about your safety, you can get over your self-diagnosed "memory-loss." This is how my passwords are set up:
Personal, Business, and Possible Spam Email Accounts: Variations on an object.
Social Networking Sites: Variations on an object.
BZP Email: Variation on an object that is not related to or used in any other password I have.
BZP: Variation on an object that is not related to or used in any other password I have.
Bank: Variation on an object that is not related to or used in any other password I have.
Shopping/Selling Sites: Each is a variation on an object that is not related to or used in any other password I have.
Other Forums: Variations on an object.
Journals/Blogs: Variations on an object.
Music and Art Websites: Variations on an object.
IM Clients: Each is a variation on an object that is not related to or used in any other password I have.
This way I keep themes for each type of site. This makes other sites' passwords easy to remember. However, the sensitive sites have their own, unique setups.
~ General Safety
This is not so much about preventing being hacked as it is avoiding those who are hacked or those who are looking to hack.
1. Keep your IM accounts set on private. If you need a public one for various people to contact you, then make a separate account, but keep your friends on your private account. Most universal clients will let you log in to more than one account at once.
When I had my accounts set on public, I got IMs from people I had never given my screen name to or knew from any website. They just found my name on a list or were typing their friend's screen name incorrectly. If someone on BZP wants to IM you, verify through private messenger first.
2. Pause before opening an odd message. Same as email, right? If you get a message from a member you've never talked to or especially heard of, with a strange or undescriptive subject line, you may not want to open it right away. This is really based on situation and gut-feeling. Sometimes I'll check out the member's profile; are they suspended, have no posts or topics, have spam posts or topics? If something seems really weird, I'll let it sit about 24 hours. Sometimes it turns out to be hacker spam that gets removed, sometimes it's just a member who doesn't write relevant subject lines.
If you do open the message, be ready. Just because we strive to keep BZP clean doesn't mean it will always be, so don't waltz about expecting that all the time. Seriously, it lessens the drama and the shock. Just be ready to exit your browser or go back a page. If the message is bad/offending/inappropriate spam, don't respond. REPORT.
3. When a member you've never talked to sends you a link saying "Click here!", "Look at this!" or the like, be careful. It may be spam, or it may be advertising, or they may be stupid. Hover over the link, or copy and paste the link location into a text box to check it out. If the URL is to a BZP page, whatever. People are attention-hounds. If it's to another website, follow the steps here.
4. Pause when you've received a strange message from a friend. If JaneBohrok is usually very serious and polite, and she sends you a message saying "CLICK HERE, look at this okay!!", a flame PM without reason, or a message that seems very uncharacteristic, it may not be JB. Don't instantly fire off an angry email or IM reply saying you're no longer friends. If you suspect she has been hacked, don't respond. Notify a staff member with the message and member's name.
5. Log out when you are done. Anytime, anywhere. Clean out your cookies now and then. ALWAYS LOG OUT ON SOMEONE ELSE'S COMPUTER. If it's a friend's computer, ask if you can clear your history and/or any cookies. If it's a public computer, such as at the library, clear the history and cookies if you can.
~ During a Hack
There are also some important things to remember once a hack has been announced and/or discovered.
1. Calm down. Don't burst a blood vessel over this, or start worrying all over BZP, your blog, FB, wherever. You will only worry more members. Whether the hackers are just bored brats or upset ex-members, they feed off of your panic and attention. That's why they're wasting their time hacking a website for a kids' toy line in the first place.
2. Don't open a message or topic that seems like it could be spam. Duh? Just wait it out. Nobody should be offended if you wait a day or two to open a message.
3. Don't go hunting down the hackers. Even if you or your friend gets hacked, just stay as safe as you can. You know the "no heroes during a robbery" rule at retail stores? Stay safe, okay?
EDIT 6/23/10: I am stressing this now. They just want attention, good or bad, and the more you give them, the more encouraged they are. Don't feel like you need to tell them why they're wrong. They are NOT going to listen to you.
4. Don't bother the staff for information. (Thank you, Sixie) Please?? Don't IM, tweet, or post on our walls asking when the forums will come back online. Don't ask for the run-down of the entire situation. The administrators are doing all they can for the website, and in order to do so without interruption, the forums are set to offline. Don't create more interruptions or become a pest. You should:
Find. Something. Else. To. Do. There's more internet out there. Heck, there is a WORLD out there. You're not missing anything on BZP if no one but the admins can access it.
It may seem like I'm making a big deal out of this, and I am. Don't lose sleep or get acne or ulcers over this, just make sure you're doing your part to keep BZP an awesome and safe place to hang out. And add any thoughts or suggestions!
-HH

Another tip for strong passwords: Try using special characters, such as those found in the Windows Character Map. You should easily be able to write down the special characters used in your password on a piece of paper/notebook like HH said, and opening the character map each time shouldn't be an issue. It's a very efficient way to keep your password out of reach from software that aids in hacking.
I had to learn the hard way. >.>
-SK