Staying Safe and Secure Online

Hello friends, 
Spend a few minutes reading this and you won't regret it; you will definitely get something out of it. I am writing this post to explain how to stay safe and secure online, whether on Facebook, a Twitter account, an email account, or anything else you do while connected to the internet, either as a logged-in user of a portal or anonymously (without logging in). There are infinite possibilities in cyberspace: one may lose his/her bank balance within a matter of minutes, lose everything about personal life, lose important business information, etc. The main cause of all these things is insufficient care and precaution on the part of the user himself/herself.

The first and most important thing to understand about passwords is that nothing under the sun reveals your account password except YOU, directly or indirectly. Let me explain how passwords work. When you sign up for an account and create your password, the website/portal in question converts your password into a lengthy series of characters; let's call it the hash value. This conversion is technically known as "hashing", and hashing always gives a distinct hash value for different passwords. Hashing is an irreversible process, i.e., the hash value cannot be used to get your password back; there is no such thing as unhashing. The website stores the hash value of your password, and every time you give your password to log in, the website hashes this password and compares the resulting hash value with the one stored in its database. If you provide the correct password, the generated hash value will match. So it's clear that even the website/portal doesn't know your password. Therefore no website/portal gives you your current password in the recovery process; it only gives you an option to reset it.
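The sign-up, login and reset flow described above, as an added example that is not from the original post. The `AccountStore` class and its method names are hypothetical, and the per-user random salt and the PBKDF2 function are assumptions that go beyond what the post describes; they are what a site would normally add so that two users with the same password do not end up with the same stored hash.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2 work factor; an assumed value for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way conversion of a password into a fixed-length hash value."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccountStore:
    """Hypothetical in-memory stand-in for a website's user database."""

    def __init__(self):
        self._db = {}  # username -> (salt, hash value); never the password

    def sign_up(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # random per-user salt
        self._db[username] = (salt, hash_password(password, salt))

    def log_in(self, username: str, password: str) -> bool:
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._db.get(username, (b"\x00" * 16, b""))
        candidate = hash_password(password, salt)
        # Constant-time comparison of the fresh hash with the stored one.
        return hmac.compare_digest(stored, candidate)

    def reset_password(self, username: str, new_password: str) -> None:
        # Recovery can only overwrite the hash; the old password is not stored.
        if username not in self._db:
            raise KeyError(username)
        self.sign_up(username, new_password)

    def stored_record(self, username: str):
        return self._db[username]


if __name__ == "__main__":
    store = AccountStore()
    store.sign_up("alice", "constructed-Passw0rd!")  # constructed sample data
    print(store.log_in("alice", "constructed-Passw0rd!"))
    print(store.log_in("alice", "wrong-guess"))
    print(store.stored_record("alice")[1].hex())
```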

The following are some things that you always need to keep in mind:
1. Always use different usernames and passwords for different accounts

2. If you use a computer other than your own to access your account, either use InPrivate/Incognito mode or clear the history, cache, etc. A common shortcut for this in many browsers is CTRL + SHIFT + DEL.

3. If you keep your username and password saved on your smartphone, take enough care, because anyone who has access to your smartphone can not only access your account but may also get your password, depending on which application you are using on that smartphone.

4. Don't save login information in browsers; we cannot rule out the possibility that tools exist that pick up such data saved by browsers.

5. Have a complex password with symbols, numbers, uppercase and lowercase characters, preferably more than 8 characters long, and change it at least once every 2 months. Your password should not include anything about you or your belongings (name, family members' names, vehicles, house number, etc.). It should not be a word that appears in a dictionary.

6. If the service provider has an option to use a secure connection (also called HTTPS or SSL) in its settings, find it and enable it. In the case of Facebook it is under Account Settings > Account Security > "Browse Facebook on a secure connection (https) whenever possible".

7. In the case of Facebook or any other service that uses your existing email account, take equal care of that email account. If that email account is compromised, then the other account is directly compromised.

8. Always take care of recovery options like the security question/answer, secondary or recovery email ID, etc. Go through all the account/security settings, try to understand them, and configure them properly. Take care of all the things that can be used to recover your account password.

9. Don't ever click on any suspicious link in the browser when you are logged into your account.

10. When you are using third-party applications/software to access your account, make sure they are legitimate before using them, for example a third-party chat client for your smartphone or computer.

11. Always have an antivirus with a firewall installed on your computer and update it at least every two days; it is recommended to update the antivirus on a daily basis. Update the other applications/software installed on your computer as well.

12. Don't run suspicious looking applications on your Computer while you are connected to internet.

13. Make sure that you are on the correct website; check the address bar of the browser.

14. No service provider will ask for your username or password through email or any other communication. Even on the Website/Portal itself they will mostly ask for the password only in two cases i.e., when you are logging in or changing the password.

15. Never share your account password with anyone; if it is unavoidable, change the password later.

16. Never make online payments through public computers/wireless networks.

17. When you are making online payments, close all other websites and just let the payment process complete. If it is a credit card payment, see that the service provider is using it automatically to renew your subscription/account when required.

18. When you give out your personal information on social networking websites, check the privacy settings to restrict the information that different individuals can see.

19. Always have different email IDs for work and personal use.

20. Always read security, privacy and help center content provided by your service provider.

21. If you have a wireless network, get it properly configured by an expert.

22. If you find that anyone has created an account in your name, contact the service provider immediately, and don't let the hacker/person know that you are aware of it.

23. When sending group emails, add yourself as the recipient in To and add all the actual recipients to Bcc. This will prevent everyone from seeing the email IDs of all the recipients. If you receive an email sent to a group and you can see the email IDs of all the recipients, request the sender to add you as a recipient in Bcc the next time he sends an email to a group of individuals.

24. It doesn't matter whom you are sending an email to; what matters is what you send, particularly in the case of informal mails. Always make sure that you would not suffer if your email were made public by the recipient. For example: if you send an email to a colleague who is a good friend, using harsh words about your boss, keep in mind that you never know when your friend may turn into your enemy and blackmail you by threatening to show that mail to your boss. So beware when sending mails. Just assume that your mails are going to appear in all the newspapers.

There are infinite things that can be done to be more secure online. If you know something important that is missing here, please let me know, drop a mail at I will add it here with your name.

