Auditing your Extension and Plugins
There’s no easy way to tell if your extensions are spying or if your plugins are insecure. Here’s a list of extensions that you can compare to your own, but it’s nowhere comprehensive. At last glance there are hundreds and hundreds of extensions available for Google Chrome, Mozilla Firefox, and Internet Explorer.
If you use any or all of these three browsers, and it’s likely you do, then you should know how to handle add-ons for each. Treat extensions and plugins like you would system applications, if you use an extension every day, or at least regularly, then you should keep it.
If you don’t use an extension, or you can’t remember why you installed it, or you don’t remember installing it, then you should by all means remove it or, at least, disable it. Of course, if you have any doubts, do a simple Google search on whether anyone has cited it as spyware. If the extension has reviews, then you should read those too.
Plugins, on the other hand, should be kept updated and/or disabled unless you need them. Obviously you’re going to want to leave your Flash plugin enabled, it would be a pain to always have to enable it every time you wanted to watch a YouTube video. But, you still want to make sure it is always up-to-date.
We start with Google Chrome because it’s our favorite and chances are you either use it or Internet Explorer. In Chrome, you can quickly access your extensions by typing “chrome://extensions” which will show the “Extensions” settings.
Very simply, if you want to disable an extension, uncheck the “Enabled” box and if you want to remove it, click on the trash icon.
Similarly, type “chrome://plugins” to see the “Plug-ins” installed on your browser. Note, you can quickly enable/disable by clicking the link. If a plug-in needs to be updated, it will give you an “Update” option (you should click it).
Internet Explorer doesn’t have as many add-ons but that doesn’t mean you shouldn’t know how to administer them. To open the add-ons settings in IE, click the small gear icon and select “Manage add-ons.”
IE lumps extensions and plugins together. To disable anything, right-click on the item and select “Disable.”
Mozilla Firefox does have a lot of extensions and many of those can be suspicious too. To open the “Add-ons” settings, click on the orange Firefox button in the upper-left corner.
The “Add-ons Manager” collects everything in one place. Click on the extensions tab to attend to those. As you can see, you simply need to click the appropriate button to disable or remove any extensions associated with your Firefox installation.
Plugins are a bit different. Firefox lets you decide whether to allow a plugin to ask, always, or never activate. This means, you can either leave a plugin enabled, completely disabled, or you can decide when the time comes whether you want to use it.
At the top of the plugins screen is a gear icon that allows you to choose your update methods. Note, “Update Add-ons Automatically” is enabled by default.
Passwords and securing your system
Stop for a moment and think about that laptop computer or tablet you carry around wherever you go. Pause and reflect upon your computer, slung across your shoulder like a modern day shield. You carry around your digital lives, storing phone numbers, addresses, shopping habits, friends and family photos, e-mail, and many more pieces of information that, even as little as a decade ago, we would have never thought of as possible.
Those little devices we take for granted contain a treasure trove of information. If left unprotected, they pave the way for cyber-thieves to access our most valued personal data: bank and credit card accounts, social security numbers, where we live, who we interact with, etc. These devices are a portal into our private worlds. You wouldn’t walk around with your address and phone numbers emblazoned upon your shirt but, leave your laptop or tablet behind somewhere and you might as well have done just that.
Luckily, there’s a very simple and practical way you can safeguard your data. It doesn’t require a major investment of cash or time, just a little thought and creativity. A strong password can easily place a virtually impenetrable firewall between you and even the most determined digital burglars. Passwords represent the first, and often last, line of defense between you and your piece-of-mind. But the keyword here is “strong.”
The strength of your password makes all the difference between foiling even the most determined of crooks and simply wasting a little bit of their time before they guess or hack their way in. Think of a password as a moat surrounding your castle. Will your moat be a watery canal that someone can lazily float across or will you stock it with piranha, crocodiles, and submerged hazards? How well you protect yourself is entirely up to you.
Creating Strong Passwords
First things first, to create a good, strong password you want to avoid some very common mistakes.
- Don’t use a dictionary word. One of the primary methods for cracking a password is a “dictionary attack.”
- Don’t use commonly misspelled words, abbreviations, or words spelled backward.
- Don’t use a sequence of numbers or letters such as 12345678 or QWERTY.
- Never use personal information such as your name, pet’s name, your birthday, or any other similar information that can be easily researched or socially engineered.
- Never write down your password or share it with anyone.
Keys to Strong Password Creation
Knowing this, there are several keys to creating a strong password.
- A strong password should be a mixture of letters (upper and lower case), symbols, numbers, and punctuation.
- It should be at least eight characters. Short passwords are easier to crack.
- You should use a different password for every website. A cyber-thief can hack into a website with the weakest security and then use your information on ones with stronger security.
- Try to change your passwords at least once every three months. If you suspect your password has been compromised, change it immediately!
- While it is a good idea to substitute symbols for letters, most password hacking software will automatically account for many common conversions such as “and” for “&” and “to” for “2.”
- Take advantage of all the characters on your keyboard, not just the ones you use every day.
- Make things easier by using a password manager such as LastPass or KeePass. That way, you can have as many long, complex passwords as needed and you only need to remember one.
Now Create Your Own …
Now that you know what and what not to do, let’s create an example strong password that you can easily remember.
- Start with a simple sentence: Strong passwords are the best!
- Next, remove the spaces between each word: Strongpasswordsarethebest!
- Mix things up a bit by intentionally shortening or misspelling some words: Strawngpassw0rdsRtehBest!
- Finally, you can make the password even stronger by adding some numbers: Strawngpassw0rdsRteh2014Best!
And really, that’s all there is to it. You can check the strength of your password by running it through a password checker, which can be easily found online. By always following these simple rules and then utilizing these methods to create strong passwords, you can ensure that your personal information will be relatively safe and sound from prying eyes.
Security Questions Can Be Like Password Kryptonite
In recent years, many websites have started instituting security questions as a means of helping people remember or reset forgotten passwords. As first glance, this seems like a great idea. Answer a few simple questions, like the name of your favorite pet or the town where you were born, and you’re given the option of then resetting your password.
Security questions are an effective way of saving companies money on support costs because users no longer have to call in to reset their passwords. And, they are also safer than trying to identify a user over the phone. The biggest problem with this method is that answers to these questions can often be discovered with a little research and social engineering.
Unfortunately, there’s no easy answer to the security question problem. “Good” security questions shouldn’t be easy to guess and the answers shouldn’t change. Your favorite book at the moment may be “War and Peace” but say you read “Crime and Punishment” and it becomes your new favorite. A good security question then would not be “What is your favorite book?” because the answer can change over time.
Security Questions: Dos and Don’ts
Here are some handy tips you can use to overcome the inherent problems associated with security questions.
- Invent bogus answers that only you will know. This helps prevent someone from using social engineering to gain access to your account.
- Write down your question/answer combinations or better yet, use a password manager such as LastPass or KeePass to store them.
- Don’t pick the same security questions for every account. For example, don’t answer the mother’s maiden name question for your e-mail and your social networking account(s).
- Don’t answer questions that involve personal information or can be easily guessed.
- Answer questions such as you would when creating a strong password. Use special characters, numbers, and symbols instead of letters.
As risk-prone as they are, security questions currently represent the best available idea for easily resetting your password. Until someone comes up with a better solution, a user’s password security will only be as good as the questions that are asked, and the cleverness of the answers you provide.
Coming up Next …
If your PC feels slow, there’s some pretty practical things you can do to help unburden it and speed things up. It also pays to keep your system completely updated at all times. None of this stuff is very difficult and you will reap the benefits of having a sprightlier, responsive system.