Simple Computer Security Tips

July 2003

I spend a lot of time these days thinking about computer security--and it's not by choice. My evil twin in Micronesia again pretended to be me and took over my PayPal and eBay accounts.

PayPal, you ask? Why on earth does Jim still have a PayPal account, after experiencing the fraud that he wrote about in an earlier column?

I asked myself that question when I discovered it had happened again. I might have even banged my head against the wall.

My evil twin got into my account, changed my password, changed the security questions, and changed the e-mail address associated with the account. (Everyone reading this please send an e-mail to my evil twin at jkarpen@ua.fm and ask why he's after me.)

Now I can't even get control of the account to close it, and PayPal says that I gotta be the one to do it. I finally spoke to a manager. He said that since I have neither a credit card nor bank account associated with the account (and for this I thank the universe), I'm not risking anything. It can just stay in limbo forever. My evil twin can have it, whatever pleasure it gives him, since he can't steal anything.

The manager also told me something very interesting: that my evil twin has used my credit card number to gain control of my account both times. How he got it, I'll never know. But it was a relief to know that he didn't have my password.

Which brings us to a main point in today's lesson: like most people, you probably use the same password for everything. Hey, me too. I've used the same password for years. Security experts say that's a no-no.

But recently I've changed my ways. It's a dangerous world out there--to which I can now attest.

Here's my advice: use your same password, but vary it slightly according to an easily remembered formula based on the name of the service you're accessing. For example, your formula could be to add a number that represents the number of letters in the name of the service, plus the first letter of that name.

Let's say that your password is "flower." For your Yahoo account your password would become "flower5y." Your Microsoft account password would be "flower9m."

Nagging security experts would still chide you, pointing out that someone could figure out your system. But at least you're making it one level more difficult. Plus, you're following the advisable practice of using a combination of letters and numbers.
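The formula above, written out as an added example (it is not part of the original column), together with a small self-check that shows the caveat in numbers: how much of each derived password is the shared base. The function names and the sample service list are assumptions made for illustration.

```python
import os.path


def site_password(base: str, service: str) -> str:
    """Apply the column's formula: base + letter count of the service name + its first letter."""
    letters = [c for c in service if c.isalpha()]
    if not letters:
        raise ValueError("service name contains no letters")
    return f"{base}{len(letters)}{letters[0].lower()}"


def shared_base(passwords) -> str:
    """Return the longest prefix that every password in the set has in common."""
    return os.path.commonprefix(list(passwords))


def reuse_report(passwords: dict) -> dict:
    """For each service, the fraction of its password that is the shared base."""
    base = shared_base(passwords.values())
    return {svc: len(base) / len(pw) for svc, pw in passwords.items()}


if __name__ == "__main__":
    # Constructed sample: the column's example base word and a few service names.
    services = ["Yahoo", "Microsoft", "PayPal", "eBay"]
    derived = {svc: site_password("flower", svc) for svc in services}
    for svc, pw in derived.items():
        print(f"{svc:10} {pw}")
    print("shared base:", shared_base(derived.values()))
    for svc, share in reuse_report(derived).items():
        print(f"{svc:10} {share:.0%} of the password is the shared base")
```

Only the two- or three-character suffix differs from site to site, which is the part the column means when it says someone could figure out the system.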

Anyway, it's just a simple little idea to add a bit of security. Which brings me to my second simple little idea: e-mailing documents to yourself.

You likely also don't listen to the nagging experts who tell you to always back up all your data. Short of establishing a routine backup of all your data, here's my simple backup tip:

Establish a web-based e-mail account if you don't already have one. And if you do have one that you're using as your primary e-mail service, then set up a second one. Then each time you finish a document, simply e-mail it to yourself as an attachment. It will sit there in your Inbox on a server someplace until you delete it. This has the added advantage of being an "offsite backup," meaning that your backup is safely stored on a computer somewhere else in the world in case there's some sort of local natural disaster that wipes out your data.

Some people routinely back up their files, but it doesn't occur to them to back up their e-mail or address book, which often reside in a different folder or directory. I've known people to lose all their contact info, not realizing that they hadn't backed it up.

It's very simple. Most e-mail programs have an "export contacts" menu selection, which creates a separate file with all your valuable contact info. Once you export your contacts, e-mail the file to yourself as above or save it to a backup disk.

Note that the Briefcase feature of Yahoo gives you 30 free megabytes of storage, so this is another backup option. It's nearly as simple and quick to upload to Briefcase as e-mailing a document to yourself.

And one more simple security tip: don't fall for the fake e-mail messages that ask you to log in to your PayPal or other account, and which then give a link that takes you to a scam look-alike site that steals your username and password. I actually received one of those as I was writing this.

It's a rough world out there in cyberspace, but following these simple tips can help.

© 2003 by Jim Karpen, Ph.D
