How not to get hacked

This is not an article on how to get hacked and manage it in an embarrassing way. That would be a fun article, but I haven't written it yet.

This is what you should know in order to avoid getting hacked.
  1. Use good passwords
  2. Get computer protection
  3. Don't tell people stuff
  4. Don't be admin

Use good passwords

The average person will need to know a dozen passwords if they create passwords like they are told to, and many more if they work in the IT or financial industry. I do both, so I've learned a good bit about how to handle them both safely and conveniently.

There are many bits of standard advice that you'll hear, not all of it good:

Questionable advice

  1. Do not write them down - The core idea is that if you write down your passwords, someone who manages to find out where your passwords are written down needs only to copy them when your guard is down in order to get access to everything you hold dear. I don't tell people not to write down their passwords, but I do recommend that you do not write down your most important passwords unless you're going to keep them in a safe deposit box or a personal safe.
  2. Do not reuse your passwords - If you use a password in more than one place then you double the chance that someone can get into your stuff. During the last couple of months (at the time of this writing) some pretty widely used and important web sites have had hackers get the passwords stored on them. People who used the same password for two websites suddenly and unexpectedly lost the security of their logins on both. I do not tell people that they shouldn't reuse passwords, but that they shouldn't reuse the same password between something they care about and something they don't: using the same password for your email and a comic site, for example. Using the same password for your Google mail and your Yahoo mail should be reasonable, however, so long as they hold the same importance to you. Using the same password for your banking and your email, however, is a recipe for disaster.
  3. Use complex passwords - This is both good and bad advice. It is bad because people don't remember random letters and characters very well; consider "la>sdk@As2l)34j@sdfl-kgjsz", which is a great password... that you'd never remember. People are not good at remembering random characters, so they tend to use words, names and numbers when they generate their passwords. The problem is that computers can try millions of passwords faster than you can type one, so your password "rachel78" is going to be guessed by a hacking program faster than you'd be able to pull up the page. Instead, come up with ways of generating complex passwords using something that is easy for people to remember, like the first letters of a sentence: "I remember when Rachel was born, it was a cold day in August" becomes "IrwRwb,iwacdiA." Another alternative is to use a phrase that you have memorized for another purpose: "Four score and twenty years ago, something... something... - Abraham Lincoln" becomes "Fsatya,s...s...-AL", which is tremendously harder for a computer to guess. Computer hackers are smart: they don't just guess random letters and characters; they guess words, names and common numbers in combination long before they move to trying random characters.
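
As an added example (not part of the original article), the Python sketch below turns a sentence into a first-letter password using the rule the phrases in this article follow, and flags the word-plus-number pattern that guessing programs try first. The function names and the tiny word list are assumptions made for the illustration.

```python
import re

# Constructed stand-in for the large word and name lists a guessing
# program works through first; a real check would load a full wordlist.
COMMON_WORDS = {"rachel", "password", "summer", "august", "dragon"}


def sentence_to_password(sentence):
    """Keep the first letter of every word plus any punctuation that ends it."""
    parts = []
    for token in sentence.split():
        first = re.search(r"\w", token)
        if first is None:
            parts.append(token)  # a bare "-" or similar is kept whole
            continue
        trailing = re.search(r"\W*$", token).group()
        parts.append(first.group() + trailing)
    return "".join(parts)


def guessed_early(password):
    """True for a common word or name with optional digits around it."""
    match = re.fullmatch(r"\d*([A-Za-z]+)\d*", password)
    return bool(match) and match.group(1).lower() in COMMON_WORDS


if __name__ == "__main__":
    for phrase in (
        "I remember when Rachel was born, it was a cold day in August",
        "Patti hit town in a cloud of dust, old Flame was buzzin' like a saw.",
    ):
        pw = sentence_to_password(phrase)
        print(pw, "guessed early:", guessed_early(pw))
    print("rachel78", "guessed early:", guessed_early("rachel78"))
```
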

Better advice

  1. Keep your passwords secure - If you are going to write them down, don't leave them in a book on your desk. Certainly nobody would mess with your stuff most of the time, but someone who wants to steal your money or use your account to post racial slurs isn't someone that you can trust to leave your stuff alone. Don't put them in a file; if your computer is unlocked for one minute, somebody can make a copy without you even realizing it. Don't put them on your phone, because someone may steal your phone when you're dealing with an emergency, possibly one the criminal created.
  2. Use a password tool - This kind of seems to go against the advice to not store your passwords in a file, but an encrypted file with a complex password is an exception. I recommend LastPass and I recommend KeePass because they are very good at keeping your passwords handy and safe. They are both reliable but both of course need a good first line of defense, a complex password to encrypt them.
  3. Use complex passwords - I know, I know, this is in both lists, but it is important to use complex passwords correctly. Learn a few very complex passwords, using phrases, that you use only to keep your other passwords safe. Again, I recommend using a phrase in some way: "Patti hit town in a cloud of dust, old Flame was buzzin' like a saw." becomes "Phtiacod,oFwb'las."
  4. Separate passwords by risk - When one password is compromised by the site you use it on, it means all the sites you used it on are compromised. If you have a low security password for one site, don't reuse it on your email and don't reuse either one on your banking site.
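
To make the "separate by risk" rule concrete, here is an added example (not from the original article) that audits a list of accounts for a password shared across importance levels and lists which other logins fall when one site is breached. The account list is constructed, and the tier names and function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Constructed inventory of (site, tier, password). The tier names are this
# example's assumption, following the low / email / banking split above.
ACCOUNTS = [
    ("comics.example", "low", "rachel78"),
    ("forum.example", "low", "rachel78"),
    ("mail-a.example", "email", "constructed-phrase-A"),
    ("mail-b.example", "email", "constructed-phrase-A"),
    ("bank.example", "banking", "constructed-phrase-A"),
    ("shop.example", "low", "constructed-phrase-B"),
]

_RUN_KEY = os.urandom(32)  # fingerprints are only comparable within this run


def _fingerprint(password):
    """Keyed digest so accounts can be grouped without storing the password."""
    return hmac.new(_RUN_KEY, password.encode("utf-8"), hashlib.sha256).digest()


def cross_tier_reuse(accounts):
    """Return (sites, tiers) for every password used at more than one tier."""
    groups = {}
    for site, tier, password in accounts:
        groups.setdefault(_fingerprint(password), []).append((site, tier))
    findings = []
    for members in groups.values():
        tiers = sorted({tier for _, tier in members})
        if len(tiers) > 1:  # same-tier reuse is tolerated, as the article argues
            findings.append((sorted(site for site, _ in members), tiers))
    return findings


def exposed_by_breach(accounts, breached_site):
    """Other sites whose login falls if breached_site leaks its passwords."""
    leaked = {_fingerprint(pw) for site, _, pw in accounts if site == breached_site}
    return sorted(site for site, _, pw in accounts
                  if site != breached_site and _fingerprint(pw) in leaked)


if __name__ == "__main__":
    print(cross_tier_reuse(ACCOUNTS))
    print(exposed_by_breach(ACCOUNTS, "comics.example"))
```
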

Get computer protection

Hopefully you already realize that you need an antivirus program. If you don't have it, and you're using Windows or Mac, then you should get antivirus. It's free, in most cases.

You should also consider an anti-malware program. Most antivirus comes bundled with it, and there are also some good free ones, SpywareBlaster for example. My favorite for cleaning an existing infection is Malwarebytes. I don't really consider malware to be the same class of threat as viruses because malware is generally something that people inflict on themselves. If you use caution and have good habits, you may not need malware protection, and many antivirus programs include malware protection, so your needs may vary.

A really good firewall is essential for some people; a decent firewall is enough for some; some people already have a firewall and don't need a second; and a few people don't need a firewall at all.

When you plug your computer into the internet, work network, or use it through a wireless connection, you're allowing information both out of your computer and into your computer. A firewall is a tool that controls how that information is allowed out and how it is allowed back in. People need a firewall if they don't have enough control of their computer to ensure that only the very specific things they intend are allowed. A good rule of thumb is that every Windows user needs some sort of firewall and machines that are used by users without lots of caution and experience need a good firewall.

Windows and Mac come with a decent firewall. Unless you consider yourself both a cautious and expert user, it is a good idea to have a firewall, but for just a cautious user, the ones that are already there are good enough. Linux users have a great firewall that may or may not have been enabled by default. Linux users should get to know about their firewall options so that they can determine if it is right for them.

If you're using a home router and it has a firewall option, you should turn it on.

Caution: Firewalls can interfere with some programs. It is important to know what your firewall options are and be able to turn it off if you suspect it may be the cause of a problem, but you should always end up turning it back on. For this reason, it is important to not only know what you're using, but also how to adjust it.

If you need a firewall with easier-to-use options than the one on your router (and you know that the other computers connected to it are firewalled as well), then you should consider a really good firewall. I've never found a better one for Windows users than ZoneAlarm. It can learn what is normally okay for your computer, is easy to adjust, and can make it easy to find out what is being blocked if you have a firewall-induced problem.

A good setup for the average home user with a router is to have the router firewall on and have ZoneAlarm learn the normal traffic for your computer for a day or two, then leave it in place. When you have a problem that you believe is caused by a firewall, you can turn off the router firewall and let ZoneAlarm tell you what is being blocked in order to find out if it really is a firewall problem. If it is something that needs to be unblocked, you can use the information you got from ZoneAlarm to reconfigure your router firewall as well when you turn them both back on.

Most home users won't need something as sophisticated as ZoneAlarm and can just leave Windows firewall and their router firewall alone and be fine. You'll only run into a need for something more sophisticated when you are doing something like setting up an IP based telephone and don't have sufficient technical assistance to adjust them yourself.

Don't tell people stuff

This is THE rule for keeping yourself safe from hackers. Nobody should ever need you to tell them your password. I work for a financial institution and if we need access to test something for a customer, we will set their password to something only we know during testing and then have them set a new password we do not know when we are done. If we need access to an employee's Windows login, we will set their password to something we know and have them set it to something we don't know when we're done. If we need access to their voicemail, we set the password to something we know, and (you guessed it) have them set it to something we don't know when we are done.

The lesson here is that anyone who has a legitimate need to know your password should be able to set it themselves and you should always reset it when they are done. This means that you should NEVER need to tell someone your password.

Do not tell people who call you... anything. If you don't know their voice then you shouldn't tell them anything personal at all beyond confirming what they tell you. If they really do need to know something, then you should call them back at a published number you look up yourself. Anybody who calls you and doesn't have a published number you can call them back at is someone that has no requirement for you to tell them anything personal.

Never follow a link in your email to provide your personal information. It is DEAD COMMON for people to get emails that look legitimate from people who send them to a site that looks legitimate in order to steal their login or other personal information. If you get an email from a company that you believe is legitimate and you need to provide information to them, do NOT follow the link in the email; instead, find them on the web yourself (not using information from the email) and do it there. This goes triple for PayPal and your banking information.

Don't be Admin

Windows has a poor reputation for security. The number one reason for that isn't that Windows is badly programmed, but that people use Windows as an Administrator. When you have your computer set up, the next step should be to create a regular-use login and use that instead of your administrative login. When you encounter a virus, malware or trojan, it has all the abilities you do. If you are using Windows as an unprivileged user then the damage is limited to what that user can do. If you are running as an administrator, there is pretty much nothing that can't be damaged. This is important enough that it makes the Ten Tips page.