Digital Life

More than a pretty phrase

With just a little bit of effort and carefully clever passwords, you can protect yourself from hackers.

THERE is more to online security than choosing a hard-to-guess password. Plenty of people out there might be trying to hack their way into your digital life, looking to wreak havoc, steal your money or your digital identity.

Most of us know "123456" is a terrible password, whether for your online banking, email or Facebook account. Most services force you to choose a more complicated password, but you might have got away with it in the past and never been forced to change it.

If this sounds like you, it's time for a new password.

Using easy-to-guess passwords isn't just a risk for you - you're also putting your friends in danger. Scammers who break into email and Facebook accounts tend to post links to websites laden with viruses. They're also fond of impersonating you and asking your friends for money with pleas for help such as: "I'm stranded in Bali and I've lost everything - can you wire me some money?" People tend to fall for such tricks when they think the message is coming from a friend.

When choosing a password, avoid dictionary words because hackers try those first. Also use a combination of upper- and lower-case letters, along with symbols. Swapping numbers for letters, such as "p4ssw0rd", isn't enough to keep you safe. The strongest passwords tend to be based on a phrase - for example, the first few lines of Mary Had a Little Lamb can become "MhAlL-iFwWaS*78". Easy for you to remember, hard for anyone else to guess.
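The checks described above, written out as an added example that is not part of the original article: it shows why "p4ssw0rd" still counts as a dictionary word once the letter swaps are undone. The function name, the small word list and the swap table are constructed for illustration.

```python
import string

# Constructed sample word list; a real check would load a large dictionary
# plus lists of passwords exposed in past breaches.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "welcome", "123456"}

# Illustrative subset of digit/symbol-for-letter swaps, mapped back to letters.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

EDGE_CHARS = string.digits + string.punctuation


def check_password(candidate, existing=()):
    """Return a list of problems; an empty list means the candidate passed."""
    problems = []
    lowered = candidate.lower()
    # Try the password as typed, with the swaps undone, and with any digits
    # or symbols tacked on to either end removed before undoing the swaps.
    variants = {lowered,
                lowered.translate(LEET),
                lowered.strip(EDGE_CHARS).translate(LEET)}
    if variants & COMMON_WORDS:
        problems.append("based on a common word or password")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    has_symbol = any(c in string.punctuation for c in candidate)
    if not (has_lower and has_upper and has_symbol):
        problems.append("needs upper case, lower case and symbols")
    # 'existing' holds the passwords already in use on other accounts.
    if candidate in existing:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "p4ssw0rd", "Password1!", "MhAlL-iFwWaS*78"):
        print(pw, "->", check_password(pw) or "ok")
```
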

It doesn't matter how strong your passwords are, or how often you change them, if people can find other ways to break in. Don't use the same password for everything. If one service is hacked and your password is exposed, you can be sure hackers will try that password to break into your other accounts. If they break into your email address, they can request password resets for other services, such as Facebook and Twitter, and then take control of those.


It makes life even easier for hackers if you use the same login and/or email address for all your accounts. Consider using multiple email accounts, or use the "aliases" that many email services let you create, which forward to your main email address. It's much harder for people to hack into your accounts if they don't know the associated email address.

The trend towards linking services, as well as using your Facebook credentials to log into a range of other services, puts you at extra risk. Now hackers only need to find their way into one service to take control of many, so try not to make their job easier.

Rather than guessing passwords, the most determined hackers rely on more nefarious tricks.

One method is the "phishing" attack, often a link in spam posing as a legitimate email from somewhere such as your bank. The aim is to trick you into typing your password into a fake website. Many web browsers and anti-virus packages help protect against phishing.

Hackers can also try to bluff their way into your account. In one recent high-profile attack, a hacker tricked Apple's help desk into granting him access to the account of US technology journalist Mat Honan. Once inside, the hacker proceeded to remotely wipe all of Honan's devices and deleted his online back-ups.

The hacker fooled Apple's help desk by pretending to be Honan using information gleaned from Honan's website, Amazon account and other online sources. It was the digital equivalent of the long con, using each snippet of information to gain access to the next.

This is why it's a bad idea to overshare information such as your birthday, address and phone number. Also avoid using back-up security questions to which people can find the answers, such as which school you attended.

The use of email aliases would have protected Honan against this hacking attack. The use of "two-factor authentication" would also have helped keep him safe. This adds an extra layer of protection by relying on something you know, such as your password, and something you have, such as your mobile phone.

Services such as Google and Facebook offer two-factor authentication, which requires you to enter both your password and a code sent to your phone when you log in for the first time from a new computer or other gadget. At this point you can tick "remember this computer" so you don't need to enter a code every time.

Two-factor authentication goes under various names and can seem complicated at first, so follow the set-up instructions carefully.

With a little time and effort, it's not hard to beef up your online security. It's certainly much less of a hassle than trying to reclaim your digital life after you've been hacked.

Security dos and don'ts

■Do use strong passwords.

■Don't use the same password for everything.

■Do make multiple back-ups of precious files.

■Don't use the same email address for everything.

■Don't use the one social service to log into everything.

■Don't choose easy-to-answer security questions.

■Do enable two-factor authentication.