To prevent your passwords from being compromised through social engineering, brute-force or dictionary attacks, and to keep your online accounts secure, note the following:
1. Don't use the same password, security question, and answer for multiple important accounts.
2. Use a password of at least 16 characters, with at least one number, one uppercase letter, one lowercase letter, and one special symbol.
3. Do not use the names of your family, friends, or pets in your passwords.
4. Don't use postal codes, home numbers, phone numbers, dates of birth, ID numbers, Social Security numbers, etc. in your passwords.
5. Do not use any dictionary word in your passwords. Examples of strong passwords: ePYHc~dS*)8$+V-', qzRtC{6rXN3N\RgL, zbfUMZPE6`FC%)sZ. Examples of weak passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.
6. Do not use two or more similar passwords that are mostly the same, for example ilovefreshflowersMac, ilovefreshflowersDropBox, because if one of these passwords is stolen, it means that all of those passwords have been stolen.
7. Do not use something that can be cloned (but that you cannot change) as your password, such as your fingerprints.
8. Don't let web browsers (Firefox, Chrome, Safari, Opera, IE) store your passwords, as all the passwords saved in the web browsers can be easily revealed.
9. Do not log into important accounts on other people's computers, or when connecting to a public Wi-Fi hotspot, Tor, VPN, or free web proxy.
10. Do not send sensitive information online over unencrypted connections (such as HTTP or FTP), because messages on these connections can be sniffed with little effort. You should use encrypted connections like HTTPS, SFTP, FTPS, SMTPS, and IPSec whenever possible.
11. When traveling, you can encrypt your internet connections before they leave your laptop, tablet, mobile phone, or router. For example, you can set up a private VPN (using MS-CHAP v2 or stronger protocols) on your own server (home computer, dedicated server or VPS) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer (or your own remote server) using PuTTY and connect your software (like Firefox) to PuTTY. Then even if someone captures your data with a packet sniffer while it is in transit between your device (for example, laptop, iPhone, iPad) and your server, they will not be able to steal your data and passwords from the encrypted traffic.
12. How secure is my password? You might think that your passwords are very strong and difficult to crack. But if an attacker has stolen your username and the MD5 hash of your password from a company's server, and the attacker's rainbow table contains that MD5 hash, your password will be cracked quickly.
     To check the strength of your passwords and see if they are inside common rainbow tables, you can convert your passwords into MD5 hashes with an MD5 hash generator, then try to decrypt them by submitting these hashes to an online MD5 decryption service. For example, if your password is "0123456789A", a brute-force attack might take a computer nearly one year to crack it, but if you submit its MD5 hash (C8E7279CD035B23BB9C0F1F954DFF5B3) to an MD5 decryption website, how long will it take to crack it? You can run the test yourself.
13. It is recommended that you change your passwords every 10 weeks.
14. It is recommended that you memorize a few master passwords, store your other passwords in a plain text file and encrypt this file with 7-Zip, GPG, or disk encryption software like BitLocker, or manage your passwords with password manager software.
15. Encrypt your passwords and back them up in several locations; then, if you lose access to your computer or account, you can quickly recover your passwords.
16. Turn on two-step authentication whenever possible.
17. Do not store your important passwords in the cloud.
18. Access important websites (such as PayPal) directly from bookmarks; otherwise, check the domain name carefully. It is recommended to check the website's popularity with the Alexa toolbar to make sure it is not a phishing site before entering your password.
19. Protect your computer with firewall and antivirus software, and block all incoming connections and all unnecessary outgoing connections with the firewall. Download software only from reputable sites, and check the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.
20. Keep the operating systems (such as Windows 7, Windows 10, Mac OS X, iOS, and Linux) and web browsers (such as Firefox, Chrome, IE, and Microsoft Edge) of your devices (such as Windows PC, Mac PC, iPhone, iPad, and Android tablet) up to date by installing the latest security updates.
21. If there are important files on your computer and others can access it, check for hardware keyloggers (for example, a wireless keyboard recorder), keylogging software, and hidden cameras whenever you feel it is necessary.
22. If there are WIFI routers in your home, it is possible for someone (in your neighbor's house) to work out the passwords you typed by detecting the gestures of your fingers and hands, because the WIFI signal they receive changes when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases; it is safer if the virtual keyboard (or soft keyboard) changes its layout every time.
23. Lock your computer and mobile phone when leaving them.
24. Encrypt the entire hard drive with LUKS or similar tools before placing important files on it, and physically destroy the hard drive of your old devices if necessary.
25. Access important websites in private or incognito mode, or use one web browser to access important websites and another browser to access other websites. Or, access junk websites and install new software inside a virtual machine built with VMware, VirtualBox or Parallels.
26. Use at least 3 different email addresses: use the first address to receive emails from important sites and applications, such as PayPal and Amazon, use the second address to receive emails from unimportant sites and applications, and use the third address (from a different email provider, such as Outlook and Gmail) to receive password reset emails if the first address (e.g. Yahoo Mail) is hacked.
27. Use at least two different phone numbers, and never tell others the phone number you use to receive text messages containing verification codes.
28. Do not click on links in an email or SMS, and do not reset your passwords by clicking on them, unless you know these messages are not fake.
29. Do not tell your passwords to anyone by e-mail.
30. It is possible that one of the programs or applications that you downloaded or updated has been modified by hackers. You can avoid this problem by not installing a program or application as soon as it is released, unless the release fixes security vulnerabilities. You can use web-based apps instead, which are more secure and portable.
31. Be careful when using online paste tools and screen capture tools, and don't allow them to upload your passwords to the cloud.
32. If you are a webmaster, do not store user passwords, security questions and answers as plain text in the database; store salted hash values (SHA1, SHA256, or SHA512) of these strings instead. It is recommended to create a unique random salt string for each user. In addition, it is a good idea to record the user's device information (such as OS version, screen resolution, etc.) and save its salted hash values; then, when a user tries to log in with the correct password but the device information does not match the previously saved information, have this user verify their identity by entering another verification code sent via SMS or email.
33. If you are a developer, you should publish the update package signed with a private key using GnuPG, and verify its signature with the previously published public key.
34. To keep your online business safe, you must register your own domain name and set up an email account with this domain name. Then you will not lose your email account and all your contacts, because you can host your mail server anywhere and the email provider cannot deactivate your email account.
35. If the online shopping site only allows credit card payments, you should use a virtual credit card instead.
36. Close your web browser when you leave your computer; otherwise, cookies can easily be intercepted with a micro-USB device, which makes it possible to bypass 2-step verification and log into your account with the stolen cookies on other computers.
37. Distrust and remove bad SSL certificates from your web browser, otherwise you will not be able to guarantee the confidentiality and integrity of HTTPS connections using these certificates.
38. Encrypt the entire system partition; otherwise, disable the pagefile and hibernation functions, as it is possible to find your important documents in the pagefile.sys and hiberfil.sys files.
39. To prevent brute-force login attacks against dedicated servers, VPS servers, or cloud servers, you can install intrusion detection and prevention software such as LFD (Login Failure Daemon) or Fail2Ban.
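
The rules in items 2, 5 and 6 can be checked mechanically. The following Python sketch is an added example, not part of the original list; the small word list and the 0.7 similarity threshold are assumptions chosen for illustration.

```python
import string
from difflib import SequenceMatcher

# Constructed sample word list; a real check would load a full dictionary file.
WORDS = {"password", "norton", "love", "fresh", "flowers", "qwert"}


def rule_violations(password, words=WORDS):
    """Return the rules from items 2 and 5 that a password breaks."""
    problems = []
    if len(password) < 16:
        problems.append("shorter than 16 characters")
    classes = {
        "number": string.digits,
        "upper case letter": string.ascii_uppercase,
        "lower case letter": string.ascii_lowercase,
        "special symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    lowered = password.lower()
    found = sorted(w for w in words if w in lowered)
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    return problems


def similar_pairs(passwords, threshold=0.7):
    """Item 6: list account pairs whose passwords are mostly the same."""
    names = sorted(passwords)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            ratio = SequenceMatcher(None, passwords[a], passwords[b]).ratio()
            if ratio >= threshold:
                pairs.append((a, b))
    return pairs
```

Run it locally only, so the passwords being checked never leave your machine.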
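
Items 12 and 32 describe two sides of the same problem: an unsalted MD5 hash can be reversed by a table lookup, while a unique random salt per user makes a precomputed table useless. The Python sketch below is an added example, not code from the original page; it goes beyond the single salted SHA256 named in item 32 by using PBKDF2-HMAC-SHA256 from the standard library, and the iteration count and record layout are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample standing in for the rainbow table of item 12:
# unsalted MD5 hashes of a few weak passwords, computed in advance.
COMMON = ["123456", "qwert12345", "1234567890", "987654321"]


def unsalted_md5(password):
    """The weak storage scheme from item 12: MD5 with no salt."""
    return hashlib.md5(password.encode()).hexdigest()


PRECOMPUTED = {unsalted_md5(p): p for p in COMMON}


def in_precomputed_table(stored_hash):
    """True if a stored hash is reversed by a simple table lookup."""
    return stored_hash.lower() in PRECOMPUTED


def new_record(password):
    """Values to store for one user: a unique random salt and the salted hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])
```

Two users who pick the same password get different stored values, so one stolen table of hashes no longer reveals every account that shares it.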
All rights reserved to nortonpasswordgenerator