
Archive for January, 2009

RoboForm – Manage your passwords and easily fill forms

Sunday, January 4th, 2009

I use RoboForm on a daily basis and it simplifies my online life a great deal. When I wrote this article, I had over 280 RoboForm passcards, which store and protect my logins. These passcards include information like usernames, passwords, pin numbers and answers to security questions for various websites that my wife and I visit. I also have my name, address, phone numbers, credit card info and much more stored with RoboForm to quickly and easily fill online forms.

After downloading and trying out the basic, free version of RoboForm – I quickly bought two RoboForm Pro licenses. I got two because I had two computers and when you buy one license, you can get additional licenses at a huge discount of approximately 66%. I had just learned about TrialPay when I got a third computer and I ended up using their payment method to get another (free) Pro license of RoboForm.


Security

First of all, any information that you save with RoboForm is protected with a Master Password. Yes, this means that you will have to remember one password – but it also means that people around your computer won’t be able to access any of your online accounts unless they know this Master Password. All of the information that is stored with RoboForm is also encrypted. Anyone who got their hands on your actual passcard files would still need your Master Password to decrypt them.

Since RoboForm remembers and fills all of your passwords for you, you can create a different password for each online account without having to worry about forgetting any of them. If you’re currently using the same password for everything that you do, you should definitely check out my basic password tips. In case you don’t want the hassle of thinking up a new password for each website, RoboForm is able to randomly generate very strong passwords for you. An example of a generated password might look like this: NJ@&z47lpXZCds7VKvXI, but as you can see in the picture below – these generated passwords are also easy to customize.

Example of RoboForm's password generator

One of the many risks to your security is a type of software that is known as a keylogger. A keystroke logger is a program that can record anything that you type on your keyboard. This log is then covertly sent out to the person who created or installed the keylogger, which allows them to use your passwords, credit card numbers and so on. Most of the time, these keyloggers will look like an installation for a useful piece of software. You (or your family) could end up downloading and installing the keystroke logger, thinking that it was something else. On a side note, it is always a good idea to protect yourself from such downloads with a good internet security suite.

As I mentioned above, RoboForm will generate random passwords for you. When you randomly generate your password and drag it into the password field, your information will remain invisible to a keystroke logger. RoboForm also offers protection by providing a Virtual Keyboard for you to click in your Master Password so that keyloggers cannot capture it. Your other information (username, password, etc.) used to access your accounts will be filled with one simple click of the mouse. So, since you aren’t typing any of that information, it won’t be recorded either.

RoboForm's Virtual Keyboard

Phishing is yet another common threat to internet users today. Phishing is basically an electronic communication from someone that pretends to be a well known legitimate business. Let’s say that I send you an official looking email saying that there is a problem with your bank account. I continue to write that all you have to do to fix this “bank error” is to click the link that I provided in the email and then login to your account. That link then takes you to a website that appears to be your bank’s website but if you were to look at the actual website address (or URL) – you would see that it’s just a fake version of your bank’s homepage. For example you might see www.bankonamerica.com rather than www.bankofamerica.com in the address bar. The hope of the criminal that sent you this email is that you won’t notice the difference and you’ll end up submitting your username, password and other account information to this fake website. Then the bad guy uses that information to get at your money, steal your identity or do anything else that those evil lawbreaker types like to do.

RoboForm is quite an effective tool that prevents these phishing scams from being successful. RoboForm exposes these illegal practices by securely storing the correct URL (or internet address) along with your login information. RoboForm will only display passcards for URLs that match the internet address that is stored with your login information. If you happen to visit a fake website – you won’t be able to accidentally login because there won’t be any passcards that correspond with that fake URL.

RoboForm also keeps users alert by reminding them to be vigilant when it comes to protecting their personal information. Whenever a user is going to automatically fill credit card, social security, or any other important information – RoboForm will display a warning box stating that the web site is asking for sensitive information. This serves as a wake-up call in case you get too accustomed to automatically filling any form that comes along.

How it all looks and works

I suggest that you opt to use RoboForm’s toolbar inside your browser (which should be Firefox) because their toolbar has everything you need and is very easy to use. The image below is an example of how the toolbar looked at the time that I wrote this article.

How RoboForm's toolbar should look

The ‘RoboForm’ button (on the left side of the toolbar) gives you access to everything RoboForm has to offer. In the drop down menu you can view and make changes to your logins, identities, profiles, tools, options and so on.

The search field (to the right of the RoboForm button) allows you to search through all of your logins. If you have a Gmail account and a RoboForm passcard that contains your login information, you could simply type “gmail” (or whatever you named the passcard) in the search field and press the enter key to have RoboForm automatically go to the Gmail website and enter your login information for you.

The ‘Logins’ button (to the right of the search field) lists all of the passcards stored with RoboForm. From the drop down menu you’re able to choose a specific login, create a new login, edit existing logins, print a list of your logins or select one of your recently used logins.

To the right of the ‘Logins’ button will be a ‘Passcard’ button which contains all of the passcards matching the specific URL (or internet address) that you’re visiting. If you were sitting at Gmail’s login page, you would see your default Gmail passcard. If you have 5 different Gmail accounts, you would need to hover over this button for a second to select the specific account that you would like to access.

If you’re storing your personal information with RoboForm to easily fill checkout pages and other lengthy forms, then you will see ‘Information’ buttons to the right of your Passcard button. These buttons will fill forms with information like your name, address, phone numbers, bank accounts, credit cards, business information and even custom fields.

The ‘Save’ button is located to the right of the ‘Passcard’ or ‘Information’ buttons. This button allows you to save new logins, forms or bookmarks.

Next is the ‘Generate’ button and it quickly and easily creates secure passwords for new accounts. Hovering over this button lets you customize your options for password generation. You can then fill the password field with this generated password by pressing the fill button on the drop down menu or by dragging the password into the password field. You can also copy the generated password to be pasted elsewhere.

Final Ramblings

Even though I don’t get excited about things too often, I love this software! All I have to do is remember my Master Password, and RoboForm remembers everything else. I am thrilled that the functionality of RoboForm allows me to easily use different passwords for every online account that I maintain. I always try to keep my passwords 20 characters long with as many different types of characters as possible. If a particular website only allows letters and numbers or has a maximum of 10 or so characters, it is very easy to change the options prior to generating the password. I was so tired of continuously typing my full name, address and phone number for various sign-ups and other forms. Now, shopping cart checkouts and long registration forms only take seconds to complete. All I have to do is click on my RoboForm Identity or Passcard and RoboForm completes the entire form. If you spend a lot of time on the internet, I strongly suggest that you look into purchasing this software.

Download RoboForm for free and for the first thirty days, you will be able to store as many Passcards and Identities as you want. After this trial period, RoboForm will always continue to work – only the amount of information that you can store will be reduced. I’m sure that once you have used RoboForm for a few days, you will see how much time it can save you. More importantly, I hope that you understand how much more secure your online activities will be while using RoboForm.


Tips for creating and maintaining strong passwords

Sunday, January 4th, 2009

In this article, I’ll be sharing some of the information that I’ve picked up over the years. I am by no means a computer security expert. All I can really attempt to do is offer you some basic tips in the hopes that you will upgrade your security habits. It is important to realize that no one out there is safe. You can assume that a persistent hacker will eventually gain access to anything, given enough time. You should only hope to make yourself such a difficult target that it would just be easier for the hacker to attack someone else. =]

If you want to know how your password can be cracked, just ask any 8 year old kid. I’m kidding – but honestly the problem is that most kids these days know exactly what illegal things can be done and how to do them. Meanwhile, most of the adults using computers are absolutely clueless when it comes to protecting their information. Even government employees (*cough*Sarah Palin*cough*) conduct their daily business with lackadaisical security efforts. Usually it’s the people who possess a lot of information worth protecting that don’t know the first thing about security.

STOP – I suggest that you read this other article on how criminals get your passwords before reading this post. If at any point while reading this you become frustrated and think that this is all too much nonsense, you are probably the type of person that needs to read everything in this post – so pay attention.

Phishing & Keyloggers

These threats usually rely on your gullibility. There are two programs that I highly recommend you arm yourself with. I believe that AVG Internet Security (read my post on AVG’s Internet Security software) and RoboForm (read my post on Siber Systems’ RoboForm software) are incredibly useful tools. I use both of these programs on a daily basis and they have both saved me many headaches. AVG checks all of my incoming emails for viruses, keyloggers, likely phishing scams and other goodies. Should I accidentally find myself on a phishing website, RoboForm won’t let me accidentally fill forms with my precious information.

There are millions of spam messages out there leading users to thousands of phishing sites. These sites are usually only up for a few days before they get shut down, but are constantly evolving. The stories vary but once you learn to spot one type of phishing scheme, you’ll probably notice all of the rest. Even without the helpful software that I mentioned, if you keep the following things in mind, hopefully you won’t be a victim.

URL or Web Address

Do not click any links that you have received from suspicious sources with suspicious stories. If you’ve been notified of an account problem, you can always call the company to make sure. If you want to login to your account, you can use a bookmark that you’ve used before or type the web address as you normally would. Don’t click the link in the email or instant message and don’t type that link either. Always verify the URL or web address of a page that you’re visiting, before you submit any personal information. Big companies generally won’t operate websites with an IP address as their URL. If you’re visiting a website and it says something like http://209.85.171.100/ in the address bar, you should be careful about submitting any personal information. You might think that you’re visiting bestbuy.com if you saw something like ‘www.bestbuy.com.ww2.us’ in your address bar, but you’d actually be on the ww2.us server.
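The address-bar checks above, together with the passcard matching described in the RoboForm post, can be written down as code. This is an added sketch, not RoboForm's own code: the sample vault is constructed, the exact-host comparison is an assumption about how such matching could work, and `site_of` uses a naive "last two labels" rule where a real tool would use the Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample vault: passcard name -> login URL saved with it.
VAULT = {
    "Bank of America": "https://www.bankofamerica.com/login",
    "Best Buy": "https://www.bestbuy.com/identity/signin",
}


def host_of(url):
    """Lower-cased hostname of a URL ('' if none); the scheme is optional."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site_of(host):
    """Naive owner of a host: its last two DNS labels.

    Assumption for this sketch: fine for .com/.us names only; names under
    suffixes such as .co.uk need the Public Suffix List.
    """
    if is_ip_literal(host):
        return host
    return ".".join(host.split(".")[-2:])


def matching_passcards(url, vault=VAULT):
    """Passcards offered for a page: saved host must equal the visited host."""
    visited = host_of(url)
    return [name for name, saved in vault.items()
            if visited and host_of(saved) == visited]


def warnings_for(url, vault=VAULT):
    """Reasons to distrust the address, following the advice above."""
    host = host_of(url)
    notes = []
    if is_ip_literal(host):
        notes.append("raw IP address instead of a domain name")
    for saved in vault.values():
        brand = site_of(host_of(saved))            # e.g. bestbuy.com
        if brand in host and site_of(host) != brand:
            notes.append(f"'{brand}' appears in the host, "
                         f"but the site is {site_of(host)}")
    return notes
```

Because `matching_passcards` compares whole hostnames, the look-alike www.bankonamerica.com gets no passcard offered at all, which is the behaviour the RoboForm post relies on.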

Spam Mail & File Downloads

Do not download any programs attached to your emails – unless you trust the source and know that they have scanned their files for any malicious software. An executable, no matter how small, can do serious damage to your computer or track your activity. Do not reply to any emails from princes in other countries who have boatloads of money waiting for you. And please don’t send them any of your hard earned money either.

Stronger Passwords

If you’ve read my article about common password cracking methods, you should know all about the brute force method, dictionary attacks and making educated guesses. Once again, I’m going to suggest that you look into getting yourself a copy of RoboForm – as it will save you a lot of trouble. It generates secure passwords and remembers all of them for you.

Safety in numbers

The longer your password is, the more secure it will be. Just imagine trying to troubleshoot a password that is 1 character in length and consists of a number between 0 and 9 – pretty easy right? There would only be 10 possibilities; but now imagine trying to systematically solve a password that is 20 characters long. Each character would have the same range of numbers (from 0 to 9) but arriving at the perfect combination of all 20 characters leaves us with 100,000,000,000,000,000,000 (10^20 or one hundred quadtrillion) possibilities.

While computers make it easier to systematically attack all of these possibilities – it all comes down to a matter of time. The point is that choosing a long password will cost an attacker a great deal of time. Keep in mind that the attacker probably wouldn’t know the exact length of your password. This means that they would have to start guessing from passwords with only a few characters, all the way up to those with 20 characters – which ends up adding another 11 quadtrillion possibilities to the mix. When you start adding symbols, punctuation, lower-case letters and upper-case letters to the simple 0 through 9 range that we were using – the possibilities become even more ludicrous.

Characters galore

Try to use as many different types of characters as possible. Some websites don’t allow you to use punctuation (like `, ; and “) or special symbols (like #,$ and %) – but whenever they are allowed, use them! No one is likely to guess that your password is +@wEd&.nJ(uF[4=Nr/’- (this is a random 20 character password generated with RoboForm) and attempting to brute force it will take a bunch of computers or a lot of time.
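The counting argument from ‘Safety in numbers’ and the character-class advice above can be checked with a short script. This is an added example, not RoboForm's generator: it uses Python's `secrets` module, and the class names and the guessing rate passed to `years_to_exhaust` are assumptions chosen for illustration.

```python
import secrets
import string

# Character classes the generator can draw from (names are hypothetical).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def generate_password(length=20, classes=("lower", "upper", "digits", "symbols")):
    """Random password with at least one character from every chosen class."""
    if not classes or length < len(classes):
        raise ValueError("length must cover every selected class")
    alphabet = "".join(CLASSES[c] for c in classes)
    # One guaranteed character per class, the rest from the whole alphabet.
    chars = [secrets.choice(CLASSES[c]) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the guaranteed characters are not
    # always in the first positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def keyspace_up_to(alphabet_size, max_length):
    """Candidates to try when the length is unknown (lengths 1..max_length)."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))


def years_to_exhaust(candidates, guesses_per_second):
    """Worst-case years to try every candidate at an assumed guessing rate."""
    return candidates / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(generate_password())                       # all four classes
    print(generate_password(10, ("lower", "digits")))  # restrictive website
    print(keyspace(10, 20))                          # digits only, 20 long
    print(keyspace_up_to(10, 19))                    # shorter lengths tried first
    print(keyspace(94, 20))                          # all printable ASCII classes
    print(years_to_exhaust(keyspace(10, 20), 10**9))  # assumed 1e9 guesses/s
```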

The ‘Don’t Do It’ Section

Don’t use a word and then replace the letters with numbers or symbols. For example: tH!sP@$5w0rD is more secure than tHIsPaSSwOrD but you’re still using words and words are weak. The letter A is commonly replaced with @, O is commonly replaced with 0, I is commonly replaced with 1 or !, E with 3 and so on and so forth. This is predictable and can be added as a simple variation to common words during a dictionary attack.
Don’t choose a word that is somehow related to you in any way. Don’t reverse the word, don’t capitalize it – DO NOT use a word that is related to you – period.
Don’t use any words that can be found in an English dictionary or any foreign dictionaries.
Don’t make a password out of any names, initials, streets, dates, telephone numbers, driver’s license numbers, license plate numbers, or anything else that just popped into your head right now.
Don’t use any cute sequences on the keyboard that are easy to remember. For example, do not use QWERTY, ASDFGH and so on.
Get it through your head already, taking a simple password or theme and making a slight change or some sort of variation – still results in a weak password!
Don’t use any of the examples that you’ve seen in this article or any other password related post.
Don’t tell anyone your password. Don’t put your password in an email. Don’t offer hints to anyone about what your password might be.
Don’t share your computer with anyone that you don’t trust. If you have to share, consider setting up a restricted login account for guests.
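Several of these rules can be checked mechanically before a password is accepted. The following is an added example, not taken from any particular product: the word list is a tiny constructed stand-in for a real dictionary file, and the substitution table covers only the swaps named above plus the `$` and `5` used in the tH!sP@$5w0rD example.

```python
# Substitutions listed above, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed stand-in for a real dictionary file.
WORDS = {"this", "password", "sugar", "medicine", "dragon", "monkey"}


def normalize(password):
    """Lower-case the password and undo the common symbol-for-letter swaps."""
    return password.lower().translate(LEET)


def made_of_words(text, words=WORDS):
    """True if text splits cleanly into dictionary words (simple DP)."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return bool(text) and reachable[-1]


def has_keyboard_run(text, run=4):
    """True if text contains `run` adjacent keys from one keyboard row."""
    return any(row[i:i + run] in text
               for row in KEYBOARD_ROWS
               for i in range(len(row) - run + 1))


def weaknesses(password, personal=()):
    """Return which of the rules above a candidate password breaks."""
    plain = normalize(password)
    found = []
    if made_of_words(plain) or made_of_words(plain[::-1]):
        found.append("dictionary words (after undoing substitutions/reversal)")
    if has_keyboard_run(plain):
        found.append("keyboard sequence")
    if any(item.lower() in plain for item in personal if item):
        found.append("personal detail")
    return found


if __name__ == "__main__":
    for candidate in ("tH!sP@$5w0rD", "drowssap", "QWERTY123",
                      "NJ@&z47lpXZCds7VKvXI"):
        print(candidate, "->", weaknesses(candidate) or "no rule broken")
```

An empty result only means none of these specific rules was broken; it says nothing about whether the password is long or random enough.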

Different Passwords for Different Accounts

Yes, you have to. This is the biggest problem for everyone; nobody wants to have all these different passwords for a bunch of different accounts. As I’ve been telling you, you need to get yourself a password manager and it will all be easy after that.

Imagine how stupid you’re going to feel when someone gets your password for your eBay account somehow. Then that crook gets some smart idea to go see if you use the same login information for PayPal. I’ll bet that the criminal was surprised to find out that not only do you use the same login information for PayPal but for all of the bank accounts and email accounts that are linked to your PayPal account.

Upgrading Your Stupid Password

As I’ve said in the ‘Don’t Do It’ section, I’d rather you not choose a word and replace certain letters or vowels with numbers or symbols. If you are going to stick with one password for all of your accounts but want it to be strong, try this. Think of a line or phrase that is very easy for you to remember but isn’t connected to your life in any way. For example, the phrase ‘A Spoonful Of Sugar Helps The Medicine Go Down’ might be easy – so now you would abbreviate this phrase. ASOSHTMGD isn’t a word, so it’s already somewhat strong. It’s also more than 8 characters in length – so that’s good. Now, if you can manage it, try to get a good mix of lower-case and upper-case letters, numbers and symbols in this abbreviation – perhaps A5*sHtM6D. You’ll just have to see how it works with your own special phrase; try a couple of different ones.

Assigned Logins and Passwords

Never accept a generic login or password that was assigned to you by a website. If you’re setting up a blog or something and you’re given the username of ‘admin’ or something similar – you need to change it. Likewise, if you just entered your email address as part of the sign up process for some new account and then the website sent you an email with a password in it that they set up for you – you need to go log in to that account and change your password.

Your Username is a Password

Your login usually consists of two parts – your username and your password. If you use the same username everywhere that you go – the criminals only have to work on getting / guessing your password. I recommend that you vary your username from account to account whenever possible. This will keep the crooks guessing and working twice as hard to gain access to your data.

Final Ramblings

I guess most people prefer a weak password that is easy to remember over a secure password that is hard to remember. This makes a little sense, considering that a strong password isn’t any good if the user isn’t able to remember it; however, you must keep in mind that a weak password doesn’t really protect your information.

I recommend that you always use a randomly generated password for each online account. Each account that you create should have a completely different password. These passwords should be the maximum length allowed by the website that you’re creating an account with. Your passwords should contain a good mix of lower-case and upper-case letters, numbers, symbols and punctuation. If some of these characters are not accepted, use as many different characters as is allowed by the website. Use RoboForm to remember all of your passwords and complete all of your logins with one simple click.

For security questions, I suggest that you answer them with the same type of randomly generated passwords as described above. Again, use RoboForm to save these answers in a SafeNote or have RoboForm automatically fill the answers for each security question whenever you’re prompted.

If you’ve been using one password for everything, this might sound very complicated but with RoboForm it’s all very simple and way more secure. You should download your free version of RoboForm right now. Or at least read my detailed article on RoboForm and its many uses.
