
Is Your Email Account Hacked?

I have been using my Gmail account since 2006 and have not been hacked yet (that does not really mean anything, let me tell you, for one can never predict the ‘tomorrow’); however, in this long period I have lost many a contact and friend. Some have quit their respective online businesses, but others quit because their email accounts were hacked!

It is human nature: your email account gets hacked and you quit it and open a new one; when the new one gets hacked you open yet another email account. Surprisingly this kind of behavior is hardly noticed offline; you don’t quit living in your house if you are burgled, nor do you leave a town if some goons harass you; rather you seek legal protection. The reason why people behave differently online is that:

a) Email accounts are free to get

b) There is no ‘police’ you can report ‘cyber crime’ to – well actually there is almost always a ‘cyber crime cell’ in most cities but I doubt they would bother to look into ‘individual email account hacking’ cases; they are more interested in tracking down high-profile terrorist activities and so on and so forth!

In any case I don’t believe that ‘flight’ is the real answer to hacking. You can open 100 email accounts and have all of them hacked one by one even before you know it. The answer to hacking is ‘fight’. You don’t have to get offensive and visit the hacker’s house and punch him in the face :P; instead you can get a bit defensive and take certain steps to make sure your account remains safe from hackers. Let me tell you, however, that even if you follow the tips below, there is no guarantee you would never get hacked, but I can guarantee this much: hacking would be a rare event in your life!

a) How do you know you have been hacked? If you are a Gmail user, you can log into your account and scroll down to the bottom of the page until you find the text:

"Last account activity:"

There you would see the IP address from which the previous login occurred. Now if this is an IP address that looks unfamiliar to you then it should give you some clues! :D

But wait, you can dig further to satisfy your curiosity! Click on the "Details" link. There you will see a list of IP addresses from which people logged into your account. It would contain your IP addresses of course, but if you notice any IP address that you don’t recognize then it is possible that you might have been hacked!

b) The next thing to do is to click on the button "Sign Out All Other sessions". Thus if a hacker is logged into your account from another location he would be instantly logged out!

c) Then click on the little blue wheel in the top-right corner, and then click on "Mail Settings". Under the "General" tab, scroll down until you find "Browser connection" and there select "Always use https" and click "Save Changes". Here is some more information on this.

d) Then click on the "Accounts and Import" tab, and click on "Change Password". DO NOT use a weak password: it is the number 1 reason why people get hacked! DO NOT use your name, family’s name, sister’s name, spouse’s name, any dictionary word, etc., as a password. In short, your password must be uncommon, meaningless gibberish! Here are some tips on how to choose a good password. Here are some more tips.

Make sure that the password you choose –

i) Is at least 20 characters long (more is better, less is worse)

ii) Contains both uppercase and lowercase letters

iii) Contains numbers

iv) Contains special characters, like @ # $ % ^ & !

An ideal password should be something like:

a&w3o#v2z@$7#iQlu0HF

OR

syGKQo2#Ms0N1s48uu60

OR

uLf^kU#2A#tqrl9ki%1n

You can test the strength of any of these passwords here. These are just some examples. Use them as inspirations to create your own unique password. Please DO NOT use these sample passwords for your own purpose; remember both the good and the bad guys are reading this blog!  ;)
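The four rules above can be checked and met mechanically. The following Python sketch is an added example, not part of the original article and not the code of Roboform or Keepass: it generates a password from the operating system's secure random source and reports which rules a given password breaks. The function names and the SPECIALS set (taken from the characters listed in rule iv) are assumptions of this example.

```python
import math
import secrets
import string

# Policy from the article: at least 20 characters, with uppercase,
# lowercase, numbers and special characters all present.
MIN_LENGTH = 20
SPECIALS = "@#$%^&!"  # assumption: exactly the characters listed in rule iv
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
NAMES = ("uppercase letter", "lowercase letter", "number", "special character")
ALPHABET = "".join(CLASSES)


def policy_failures(password):
    """Return the list of rules the password breaks (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in zip(NAMES, CLASSES):
        if not any(c in chars for c in password):
            failures.append("no " + name)
    return failures


def generate_password(length=MIN_LENGTH):
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # secrets.choice uses the OS CSPRNG; random.choice is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps every position uniform over ALPHABET,
        # unlike forcing one character of each class into a fixed slot.
        if not policy_failures(candidate):
            return candidate


def entropy_bits(length=MIN_LENGTH):
    """Upper bound on entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"-> about {entropy_bits(len(pw)):.0f} bits")
    # Constructed weak inputs, to show what the checker reports.
    for weak in ("Password123!", "alllowercaselettersonlyhere"):
        print(repr(weak), policy_failures(weak))
```

The entropy figure applies only to passwords produced by a random generator; a password typed by a person can pass all four rules and still be guessable.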

e) Now when you use such strong passwords, remembering them becomes an issue. The immediate instinct is to store your passwords in your browser but please DO NOT do it. If your browser has any known security vulnerability, hackers can exploit it to gain access to all of your passwords!

Instead use either of the following free tools to store your password:

i) Roboform: The free version helps you store just 10 passwords, while the paid version can store unlimited passwords. Roboform stores each password in a special proprietary file format called .rfp and these files can be opened only by Roboform and only AFTER you have entered the master password you had set when installing Roboform. It is not at all as intimidating as it sounds; though there is surely a learning curve, as is the case with any software!

ii) Keepass: Absolutely free and open source, no strings attached. Keepass stores your passwords in a specially encrypted database which can be opened only by Keepass and only AFTER you have entered the master password you had set at the very beginning!

For your convenience, both Roboform and Keepass offer password generator tools you can use to generate strong passwords for your own use.

So, with any of these tools, the hacker must know your master password in order to gain access to all of your passwords! And you must memorize the master password; DO NOT store it somewhere on your computer, as that would simply defeat its purpose!

One of the key differences between Roboform and Keepass is that while Roboform offers a toolbar which helps you automatically store passwords as well as log into sites, with Keepass you will need to do all of this manually. Of course KeePass comes with some ‘form-filling plugins’ but I have not used them myself so I cannot vouch for their reliability!

iii) Lastpass: I DO NOT recommend it, and here is why:

http://www.wilderssecurity.com/showthread.php?t=293992
http://forums.lastpass.com/viewtopic.php?f=12&t=60559&start=20
http://forums.lastpass.com/viewtopic.php?f=7&t=37499&start=0
https://threatpost.com/en_us/blogs/lastpass-asks-users-change-password-after-probable-breach-050511
http://www.techlineinfo.com/vulnerability-in-lastpass-online-password-manager-reset-master-password/

Apparently, some of these ‘vulnerabilities’ have been ‘fixed’ and some have not, but then you never know when new vulnerabilities would crop up! In my opinion, while all software has vulnerabilities of its own (even the commercial ones), one should choose the software with the least ‘vulnerability’ because let us face it, we are not using the software to store poems and stories, but the thing whose security matters more, PASSWORD!

Besides, I personally believe that data kept on my hard drive is generally more secure than the data kept online (there are exceptions to the rule, of course). :P

f) Once you have changed your Gmail account password, close the window. Now you are back in the "Accounts and Import" tab. Now click on "Change password recovery options". Here you can set up a recovery email address: this must be a different email address – I suggest using a yahoo email address, or the email address offered to you by your ISP or webhost.

Google™ also offers you the option of setting up a "SMS" recovery option but I am not sure if I can trust Google with my cellphone number so I would skip it! :D

g) On that same page, scroll down below until you notice the "Security question" option. Here, select a question and answer it; the answer should be long and ‘cryptic’. Something like this gibberish:

dhsjhurfvyuf gfdhuerurnrifnn gi

It can be any gibberish like that; just close your eyes and type! :D

Again you can store this answer in either of the password managers I recommended above. In the case of Roboform, open the passcard (FYI Roboform stores each password in a special file which it calls "passcard") and click on "Edit=>Add Note"; your note could contain the answer to your security question! :D Of course it could also contain records of all your one-night stands; your spouse would never know! :P (kidding)

In the case of Keepass, you right click on the respective password, click on "Edit/View Entry" and you will see the "Notes" box! :)

h) Now click on the "Sent" tab on the left side of your Gmail account and look through the first few emails sent from your account; see if you find anything suspicious there; if you do, let all your "main" contacts know about what has transpired; say that you suspect that you have been hacked and that if they received any spam then it was the hacker’s doing!

i) Choosing a strong password is only half the battle; smarter hackers could still hack into your email account, so it is important that you keep changing your passwords and security questions regularly, at least once a month!

j) Make it a habit to visit only "safe" sites; especially don’t visit porn sites (buying porno magazines or watching porn movies on DVDs is way better) because often they would "inject" spyware and trojans into your system! It is also important that you discard Internet Explorer™ in favor of a browser like Firefox so that you are automatically blocked from accessing "infected" or "harmful" sites (since visiting these sites can harm your computer)!

k) Make it a habit to clear your cookies and temporary files every day with CCleaner! More information can be found here.

If you liked this article, please feel free to post a nice comment, retweet it, like it on Facebook and link to it from your website, thanks. :D Don’t forget to tell your friends about this article so that they don’t get hacked too often! :P

UPDATE: After I wrote this article I found a great article which lists some other good tips you can use in this respect (as well as how you can recover a hacked account)!

Disclosure: ArindamChakraborty.com is affiliated to Roboform