Guidelines For Using A Secure Password, Two-Factor Authentication, And Free Antivirus

Choosing the right password can be tough for many people, especially with so many accounts needing one these days. This can make it tricky to remember them all. Perhaps that’s why so many people pick passwords that are easy to guess. The simple tips below are meant to help you choose a strong password.

Table of Contents

Basics

Use at least eight characters; the more characters, the better, but most people find it hard to remember more than 15.
Use a random mix of characters, upper and lower case letters, numbers, punctuation, spaces, and symbols.
Avoid words from the dictionary, whether in English or any other language.
Never reuse the same password.

Things to Avoid

Don’t just add a number or symbol to the front or back of a word, like “apple1.”
Don’t repeat a single word, like “appleapple.”
Don’t write a word backwards, like “elppa.”
Don’t just remove vowels, for instance, “PPL.”
Avoid obvious sequences that can easily be guessed, like “qwerty” or “asdf.”
Don’t distort letters only, like changing e to 3, L or i to 1, or o to 0, as seen in “z3r0-10v3.”

Tips

Choose a password you can remember easily, so you won’t have to look it up repeatedly, which lowers the chances of someone finding out where you wrote it down.
Pick a password you can type quickly, reducing the likelihood of someone peeking over your shoulder to see it.

Bad Passwords

Don’t use passwords based on personal information like: name, surname, birth date, spouse’s name, pet’s name, friends’ names, hometown, phone number, social security number, car registration number, address, etc. This includes using just a part of your name or a portion of your birth date.
Avoid using passwords based on things around you. Passwords like “computer,” “monitor,” “keyboard,” “telephone,” “printer,” etc., are useless.
Never be tempted to use any of those very common passwords that are easy to remember but offer no security, like “password” or “letmein.”
Don’t base your password on your username, account name, computer name, or email address.

Choosing a Password

Use good password generator software.
Take the first letter of each word from a song or poem line.
Alternate between consonants and one or two vowels to create nonsensical words. For example, “taupouti.”
Combine two small words with punctuation or special characters between them. For example, “seat%tree.”

Changing Your Password

You should regularly change your password; I recommend changing it once a month for most purposes.
Change your password whenever you suspect someone might know it or could guess it, especially if they were standing behind you when you typed it.
Remember, do not reuse passwords.

Protecting Your Password

Never store your password on your computer, except in an encrypted format. Keep in mind that the password cache that comes with Windows (the .pwl files) isn’t secure, so don’t save your password when Windows prompts you to.
Never share your password with anyone, not even your system administrator.
Never send your password via email or other unsecured channels.
Yes, write down your password, but don’t leave the paper lying around; keep it somewhere safe, ideally outside of the site, and definitely locked up.
Be very careful when entering your password in the presence of others in the same room.

Remember Your Password

Keeping your password in mind is always tough, and that’s why many people are tempted to jot them down on pieces of paper. As mentioned above, that’s a really bad idea. So what can you do?
Use a secure password manager; check out some free options on download pages.
Use an encrypted text file with strong encryption utilities.
Choose passwords that are easy for you to remember.

Bad Examples

“fred8” – Based on the username, it’s also too short.
“kristine” – The name of the user’s girlfriend, easy to guess.
“kciredref” – Username spelled backward.
“dictionary” – Listed in the dictionary.
“iNdesCribaBle” – Random capitalization doesn’t make it secure.
“gandalf” – Listed in word lists.
“zeolite” – Found in geological dictionaries.
“qwertyuiop” – Listed in word lists.
“murder!” – Found in a foreign language dictionary.

Good Examples

None of these are really good examples, as they’ve been published here and everyone knows them now. Always choose your own password; don’t use someone else’s.
“mItWdOtW4Me” – Monday is the worst day of the week for me.

How could a potential hacker get my password? Hackers can use four main techniques to obtain your password

Stealing it. This means watching you when you type it in or finding the paper where you wrote it down. This is likely the most common way passwords are compromised, so it’s crucial to keep any written notes extremely secure. Also, remember not to type your password when someone is watching.
Guessing it. It’s surprising how many people choose passwords that can be easily guessed based on personal information. Psychologists say most men use a four-letter vulgarity, while most women tend to use their boyfriend’s, husband’s, or children’s names.
A brute-force attack. This is where every possible combination of letters, numbers, and symbols is tried in an attempt to guess the password. Even though this is very labor-intensive, it shouldn’t be underestimated with modern high-speed processors and software tools. A Pentium 100 PC can typically try about 200,000 combinations each second, meaning that a 6-character password with upper and lowercase letters could be cracked in just 27½ hours.
A dictionary attack. This method is more sophisticated than brute-force attacks. In a dictionary attack, attempted combinations are chosen from words available in dictionaries. Software tools are readily available that can try each word in a dictionary or word list until your password is found. There are dictionaries with hundreds of thousands of words, as well as specialized, technical, and foreign language dictionaries, along with lists of common password terms like ‘qwerty,’ ‘abcdef,’ and more.

Using a Password Manager

We rely on passwords to protect our data and privacy. One of the biggest crimes today is identity theft, which can easily occur if passwords are compromised. Good password management is essential. Have you ever considered the option of remembering your passwords and not having to enter your login credentials repeatedly? Password managers are among the best ways to store, back up, and manage your passwords. It’s tough to remember a strong password, and that’s where a password manager comes in. It encrypts all your various passwords with a master password, so you only need to remember one.

What is a password manager? A password manager is software that helps users manage passwords and sensitive information for access anytime, anywhere. An excellent password manager securely stores information without compromising security. All passwords are saved using some form of encryption, making it difficult for others to exploit them.
Why should you use it? If you have trouble remembering passwords for every website and want to avoid the ‘Forgot Password?’ option, or if you regularly seek out a password manager, then you need one. They are designed to store all types of important login information related to various websites.
How does it work? Password managers can be stored online or locally. Online password managers store information in the cloud, accessible from anywhere at any time. Local password managers save data on a local server, making them less accessible. Both have their advantages, and the one you choose will depend on your needs. Online password managers use browser extensions that keep data in a local profile while syncing with cloud servers. Some other password managers utilize removable media to store passwords so you can carry them with you, eliminating worries about online issues. Both options can also be combined using two-factor authentication for even greater data security.
Some popular password managers store your passwords using various forms of encryption, provided by the companies that offer these services. The best password managers utilize 256-bit (or higher) encryption protocols, which are approved by the National Security Agency for handling top-secret information. If you’re thinking about using a password manager but haven’t made a decision yet, this section lists the top five password managers.

A. KeePassX: KeePassX is an open-source, cross-platform, lightweight password management application published under the GNU General Public License. It was built using the QT libraries. KeePassX stores usernames, passwords, and other login details in a secure database. It features its own random password generator, making it easy to create strong passwords for better security. It also includes a powerful and fast search tool that allows users to find stored login credentials using keywords from a website. Users can customize groups, enhancing its user-friendliness. KeePassX is not limited to storing just usernames and passwords; it can also hold free-form notes and any type of sensitive text files.

Features:

User-friendly Interface: The left panel’s tree structure makes it easy to distinguish between various groups and entries, while the right panel displays more detailed information.
Portable Media Access: Its portability makes it easy to use since there’s no need to install it on every computer.
Search Function: Searches the entire database or within each group.
Auto-fill: No need to type in login credentials; the application does this automatically when the web page loads, keeping it safe from keyloggers.
Password Generator: This feature helps create strong passwords that are difficult to crack using dictionary attacks and can be customized.
Two-factor Authentication: Allows users to unlock the database using a master password or a key from a removable drive.
Attachments: Any type of sensitive document can be added as an attachment to the database, allowing users to secure more than just passwords.
Cross-platform Support: It works on all supported platforms. KeePassX is an open-source application, so its source code can be compiled and used on any operating system.
Security: The password database is encrypted with either AES encryption or the Twofish algorithm, which uses 256-bit key encryption.
Expiration Date: Entries can expire based on a date set by the user.
Import and Export of Entries: Entries can be imported from PwManager or Kwallet and exported as text files.
Multilingual Support: It supports 15 languages.

B. Clipperz: Clipperz is a web-based, open-source password manager designed to securely store your login information. Data can be accessed from anywhere and on any device without any installation required. Clipperz also offers an offline version for when internet connectivity is unavailable.

Features:

Instant Login: Log in to any website automatically with just one click, without typing your login credentials.
Offline Data: An encrypted local copy of your data can be created as an HTML page with a single click.
No Installation Needed: As a web-based application, it can be accessed from any compatible browser with no installation required.
Data Import: Login data can be imported from various supported password managers.
Security: The database is encrypted using JavaScript code in the browser and sent to the website. A passphrase is needed to decrypt the database, ensuring that data remains inaccessible without it.
Support: Works on any operating system with major JavaScript-enabled browsers.

C. Password Gorilla: Password Gorilla is an open-source, cross-platform, simple password manager and personal vault that can store login information and notes. It is a TCL/Tk application that runs on Linux, Windows, and macOS. Login data is stored in a database accessible only with a master password. Passwords are protected with SHA256, and the database is encrypted using the Twofish algorithm. The main stretching feature makes it tough against brute-force attacks.

Features:

Portable: Designed to run on compatible computers without installation.
Database Import: Can import password databases saved in CSV format.
Locks database when inactive: Automatically locks the database when the computer is inactive for a specified time.
Security: Uses the Twofish algorithm to encrypt the database.
Can copy credentials: Keyboard shortcuts can be used to copy login credentials to the clipboard.
Auto Clear: This feature clears the clipboard after a specified time.
Organizes groups: Can create groups and subgroups to organize passwords for different websites.

D. GPass Password Manager: GPass Password Manager is a simple, lightweight, and cross-platform utility for managing and accessing passwords. It is published under the Apache License. It allows users to securely store passwords/URLs in a database. Added entries can be marked as favorites, which can be accessed by right-clicking the system tray icon. The passwords and other login info displayed on the screen can be hidden based on user preferences.

Features:

Access to Favorite Sites: A convenient ‘tray’ icon allows quick access to a list of favorite web pages.
Autofill: Passwords and other information can be pulled into forms by clicking on them for fast filling.
Search Bar: The quick search bar lets users find the needed passwords easily.
Password Generator: Passwords with user-defined options can be generated with just one click.
Quick Launch: Favorite websites can be launched by right-clicking the tray icon.

E. Password Safe: Password Safe is a simple, free, open-source application started by Bruce Schneier and released in 2002. It is currently hosted on SourceForge and developed by a group of volunteers. It is known for its ease of use. Passwords can be organized based on user preference, making them easier to remember. Complete database backup and recovery options are available for user convenience. Passwords are kept hidden, making shoulder surfing difficult. Password Safe is licensed under the Artistic License.

Features:

User-Friendly: The GUI is very straightforward, making it easy for beginners to use.
Multiple Databases: Supports multiple databases, allowing separate databases for each category.
Secure Decryption: Password database decryption happens in RAM, leaving no trace of login details on the hard drive.
Password Generator: Supports the creation of strong, long passwords.
Advanced Search: The advanced search feature lets users search across various fields.
Security: Uses the Twofish algorithm to encrypt the database.

Enabling Two-Step Verification

Every day, thousands of personal accounts are hacked. Personal information is compromised, passwords are broken and lives are put at risk. If you ever use one password for more than one account, your chances of getting hacked increase exponentially. Thankfully, Google has introduced its own 2-Step Verification system: whenever an unknown device is used to sign in to your Google account, the user has to provide a verification code in addition to the password. So it’s not enough for hackers to just get your password; they’ll also need physical control over your phone or computer to access your account.

Step 1: Sign in to your Gmail account. Click on your avatar’s thumbnail on the right side of the top menu bar, and then click “Account” to update your settings.

Step 2: You’ll be directed to your account settings page. Scroll down until you find a blue bar that says “Signing in”.

Step 3: In the 2-Step Verification section, you’ll see if you already have 2-Step Verification turned on. If it says “Off,” click “Edit” to set up the feature.

Step 4: You’ll see a page that briefly explains the steps to set up 2-Step Verification. Hover over the steps for more details. Once you’re ready, click “Start Setup.”

Step 5: Type in your cell phone number. This will be the phone associated with your Google account. Whenever you sign in to your Google account from an unknown device (e.g., a public computer), Google will send a verification code to your phone and you’ll need to enter it before you can sign in.

Step 6: Choose whether you want to receive a text message or a Google Voice call with your verification code. Press Submit. Then wait for the code to arrive on your phone and enter it.

Step 7: Decide whether to trust this device. If you’re turning on 2-Step Verification from a personal computer or trusted device, check the “Trust this device” box. You’ll only be asked to enter a verification code when you sign in to this account once every 30 days.

Step 8: Press OK, and you’ve set up 2-Step Verification for your Google account! Skip any additional steps that are unfamiliar or confusing for now—we’ll discuss them all in successive sections of this article.

Step 9: Print a list of backup verification codes and store it in a safe but accessible location, such as your wallet. If you ever need to sign in to your Google account but don’t have your primary phone with you, you can enter one of these codes instead. • Go to your 2-Step Verification settings page. • Under “How to get codes,” click the “Show backup codes” link. Print this page.

Method 1 of 2: Application-specific passwords

Step 1: Understand the need for application-specific passwords. With 2-Step Verification, Google helps you create a verification code whenever you sign in to your account from a web browser. However, if you use your Google account with other applications, such as Microsoft Outlook or a mobile device’s mail application, those systems may not ask you for a verification code. Therefore, you must sign in to those systems once with an application-specific password. You only need to re-enter an application-specific password when you want to reset it and create a new password for that device.

Step 2: Generate application-specific passwords for your devices. Go to your 2-Step Verification settings page or click “Edit” next to 2-Step Verification on the Security account settings page (steps 1-3 above). Scroll down and click “Manage application-specific passwords”

Step 3: At the top of the page, you’ll see a list of sites, apps, and devices that you’ve granted some level of access to your account. For example, if you’ve allowed a third-party website (e.g., LinkedIn, Twitter, Foursquare) to scrape your Gmail contacts to find friends, you’ll see it listed. If you use other Google apps, you’ll see those listed, too. You’re free to revoke access to any site or program you no longer want to use.

Step 4: Scroll down to the field below to enter a device name. Enter something that will help you remember what this application-specific password is for — e.g., Mail app on iPhone, Google app on iPhone, Chrome Sync, Outlook, Thunderbird, or whatever describes your application. Click “Generate Password.” You should create a new application-specific password for each application.

Step 5: Open the application. Go to the settings page where you enter your Google account information. Type your Google account name as usual. Now instead of your account password, type the application-specific password in the password field. You have now given this application full access to your Google account. You only need to enter this password once. There is no need to write it down or remember it, and it will not be displayed by Google again.

Step 6: Click “Done” on your web browser after successfully entering the application-specific password.

Step 7: Learn how to revoke an app’s access to your Gmail account. If you no longer want to use an app, or you’ve lost your phone and want to prevent anyone who has it from accessing your Gmail, simply click the “Revoke” button in your application-specific password settings page.

Step 8: Create new app-specific passwords for each app you connect your Google account to! This means that if you sync your Google account with two mail apps and one chat client, you should have three app-specific passwords.

Method 2 of 2: If You Lose Your Phone

If you lose your phone and 2-Step Verification is turned on, you can still access your Gmail account. You can and should also follow these steps to prevent strangers from gaining access to your Google accounts.

Step 1: Revoke your current app-specific passwords. If you have a smartphone that has apps tied to your Google account, they will be signed out automatically. When you get a new phone, you can create new app-specific passwords (see the previous section) and enter them into your new device.

Step 2: Change your Gmail password. Even if someone else has your verification code, they can’t get into your Gmail account without your new password. While it’s unlikely that the person who has your phone has also cracked your Gmail password, you can never be sure. If you’re logged into Google from any web browser on your mobile device, you’ll now also be automatically signed out.

Step 3: Add a backup phone number if you have a second mobile device. Go to your 2-Step Verification settings page and click “Add phone number” in the “Backup phones” section.

Step 4: If you don’t have a backup phone, use your list of printable backup codes to access your account. On your 2-Step Verification settings page, click “Show backup codes.” If you haven’t done so yet, print out this page and keep it in a safe but accessible place — such as your wallet.

Step 5: If you get a phone and change your phone number, be sure to revoke access to your previous number on the 2-Step Verification settings page.

Securing Computer Using Free Antivirus

As computers are becoming more and more integrated in our lives, we leave a lot of sensitive data on our computers ranging from passwords, official email IDs, bank accounts to personal notes, business plans and other confidential information. Therefore, good security software is a must for everyone. Here is a list of 11 free anti-virus software and its common features that you can choose for your online security (home users). All are listed alphabetically

Avast Antivirus – Avast is one of the best free anti-virus software available that provides complete protection against security threats. This full-featured antivirus package has the following features: Built-in anti-spyware, Anti-rootkit, Web Shield, Strong Self Protection, P2P and IM Shield, Anti-virus Kernel, Resident Protection, Network Shield, Automatic Updates, System Integration, Windows 64 bit support, Integrated Virus Cleaner. It can be downloaded from here https://www.avast.com/index
AVG Antivirus – AVG AntiVirus Free Edition provides basic antivirus and anti-spyware protection for Windows. The free version includes the following features: anti-virus, antispyware and Safe Surf feature. It can be downloaded from here http://free.avg.com/
Avira Antivirus Personal – Avira is a comprehensive, easy-to-use antivirus program designed for reliable free virus protection for home users. Features included are: protection against virus worms and Trojans, anti-rootkit, anti-phishing, anti-dialer. It can be downloaded from here http://www.free-av.com/
BitDefender – The free edition uses the same ICSA Labs certified scanning engine found in the Pro version of BitDefender, allowing you to enjoy basic virus protection at no cost. Features include: On demand virus scanner and remover and scheduled scanning. It can be downloaded from here http://www.bitdefender.com/PRODUCT-14-en–BitDefender-FreeEdition.html
Blink Personal – An all-in-one security suite with antivirus limited to one year. Features of Blink Personal Security Suite – Antivirus and anti spyware, anti root kit, built-in firewall protection and identity protection. It can be downloaded from here http://free-antivirus.eeye.com/
CalamWin Antivirus – An open source, free antivirus program for Windows 98/Me/2000/XP/2003 and Vista. Features include – High detection rate of viruses and spyware; Automatic download of regularly updated virus database, Standalone virus scanner. It does not include On-Access Real-Time Scanner. It can be downloaded from here http://www.clamwin.com/
Comodo Antivirus – It has all the functionality of the paid AV at no cost – Features included are – Detect and remove viruses from computers and networks. On-Access Scanning conducts a real-time, scheduled virus scan. Host Intrusion Detection allows you to intercept viruses, spyware and other malware before they infect your computer. Get updates of the latest virus definitions every day so you can stay protected from the latest threats. It can be downloaded from here http://antivirus.comodo.com/
Moon Secure Antivirus – It aims to be the best free antivirus for Windows under the GPL license. It offers features of commercial antivirus applications along with multiple scan engines, Net Shield, Firewall, On Access, On Exec scanner and rootkit prevention. It can be downloaded from here http://sourceforge.net/projects/moonav/
PCTools Antivirus – With PC Tools Antivirus Free Edition you are protected against the most dangerous cyber threats attempting to gain access to your PC and personal information. It protects you against viruses, worms, Trojans and has Smart Updates, IntelliGuard Protection, File Guard and Email Guard. It can be downloaded from here http://www.pctools.com/free-antivirus/
Rising Antivirus – Rising Antivirus Free Edition is a solution that has no cost for individual users for the lifetime of the product while still providing the same detection and protection capabilities as Rising Antivirus. It protects your computer from all types of viruses, Trojans, worms, rootkits and other malicious programs. The ease of use and SmartUpdate technology makes it an “install and forget” product and empowers you to focus on your jobs with your computer. It can be downloaded from here http://www.freerav.com/
ThreatFire Lite – Provides comprehensive protection against viruses, worms, Trojans, spyware, rootkits, keyloggers and buffer overflows. And includes real-time behavior-based malware detection, malware quarantine and removal, etc. It can be downloaded from http://www.threatfire.com/download/

Activity

1. Compare the features of some popular free antivirus. 2. What is the difference between free antivirus and paid antivirus? Is it safe to use free antivirus on your machine? 3. Use the guidelines to create a secure password and evaluate whether your current password can be considered a secure or insecure password. 4. Based on the above guidelines, change your insecure password to a secure password. 5. Find out some popular password managers and evaluate them based on their features‟. 6. Based on the above comparison, choose one of the best password managers for you. 7. Create two-step verification for your Gmail account. 8. Find out how many sites offer two-step verification other than Gmail.

Read Also:

1540200cookie-checkGuidelines For Using A Secure Password, Two-Factor Authentication, And Free Antivirus

Name	Domain	Purpose	Expiry	Type
_ga	altechbloggers.com	Google Universal Analytics long-time unique user tracking identifier.	2 years	HTTP
IDE	doubleclick.net	Google advertising cookie used for user tracking and ad targeting purposes.	2 years	HTTP

Name	Domain	Purpose	Expiry	Type
_ga_GSZLHBGB35	altechbloggers.com	---	2 years	---
jetpack_post_subscribe_modal_dismissed	www.altechbloggers.com	---	1 days	---