
Imagine your body being targeted by 75 million viruses. That is exactly what’s happening to your digital devices, and mobile devices are being targeted like never before. Smartphones and tablets are being targeted in record numbers.

Android has become the most popular platform for new malware, and in McAfee’s Second Quarter Threats Report, was targeted exclusively by all new forms of mobile malware. The Symbian OS (for Nokia handsets) remains the platform with the all-time greatest number of viruses, but Android is the main target for hackers now.

With the increase in mobile malware, it’s always a good idea to stay educated on how you could be exposed. And there are some things to be aware of that are unique threats to your mobile device such as:

QR Code Scams
QR code infections are relatively new. A QR scam works because, as with a shortened URL, the link destination is obscured by the link itself. Once scanned, a QR code may link to a malicious website or download an unwanted application or mobile virus. It’s a good idea to refrain from scanning QR codes from unfamiliar sources. Stick to codes provided by known advertisers or vendors, as these are least likely to be infected.

SMiShing
SMiShing is a version of phishing in which scammers send text messages rather than emails. The messages appear to have been sent by a legitimate, trusted organization and request that you click on a link or provide credentials in a text message reply. The term is a condensed way of referring to “short message service phishing,” or “SMS phishing.” Once you understand how it works, you are better positioned to recognize SMiShing, and to avoid clicking links within text messages or otherwise responding to such ruses.

Premium SMS fraud
McAfee Labs™ reports one of the simplest ways to generate profit from malware attacks on mobile devices is to place a call or send texts to pay-for premium numbers. If this activity is infrequent (for example, only once a week during the night) and concealed (by erasing the logs and using the hiding capabilities of rootkits), then it may go unnoticed for a long time. The key to this malware’s popularity is the software’s ability to covertly send messages. In this case, Android is more risky than iOS because in Android permissions are assigned once at installation and cannot be dynamically controlled.

Jailbreaking or Rooting
Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running iOS. To “jailbreak” means to allow the phone’s owner to gain full root access to the OS and access all its features. Similar to jailbreaking, “rooting” is the term for the process of removing the limitations on any mobile or tablet running the Android operating system. Jailbroken and rooted phones are much more susceptible to viruses and malware because users can avoid Apple and Google application vetting processes that help ensure users download virus-free apps.

Expect more scams and more scam warnings directed toward your mobile devices going forward. As mobile cybercrime evolves and criminals begin to make some money, they will have the resources to hire crackerjack programmers to do their deeds. The time is now to secure your devices.

There is no such thing as a truly secure password. There are only more secure or less secure passwords. Passwords are currently the most convenient and effective way to control access to your accounts.

Most people aren’t aware of the numerous common techniques for cracking passwords:

Dictionary attacks: There are free online tools that make password cracking almost effortless. Dictionary attacks rely on software that automatically plugs common words into password fields. So, don’t use dictionary words, slang terms, common misspellings, or words spelled backward. Avoid consecutive keyboard combinations such as qwerty or asdfg.

Cracking security questions: When you click the “Forgot Password” link within a webmail service or other website, you’re asked to answer a question or series of questions to verify your identity. Many people use names of spouses, kids, other relatives, or pets in security questions or as passwords themselves. These types of answers can be deduced with a little research, and can often be found on your social media profile. Don’t use traceable personal information in your security questions or passwords.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed.

Reuse of passwords across multiple sites: When one data breach compromises passwords, that same login information can often be used to hack into users’ other accounts. Two recent breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft.

Social engineering: As previously described, social engineering is the act of manipulating others into performing certain actions or divulging confidential information, and can be used as an alternative to traditional hacking. Social engineering can be employed to trick targets into disclosing passwords.
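The weaknesses listed above can be checked mechanically before a password is ever used. The following is an added example, not part of the original article: the sample word list, the function names and the substitution table are assumptions made for illustration, and the common-password set contains only the passwords the article names.

```python
import re

# Passwords the article names as the most common choices.
COMMON = {"123456", "12345", "111111", "princess", "qwerty", "abc123"}
# Constructed sample word list; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"dragon", "monkey", "sunshine", "password", "football"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Undo common character substitutions used to disguise dictionary words.
UNLEET = str.maketrans("013457@$!", "oieastasi")


def has_keyboard_run(pw, length=4):
    """True if pw contains `length` adjacent keys from one keyboard row."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in pw:
                    return True
    return False


def audit_password(password, personal_terms=(), words=SAMPLE_WORDS):
    """Return the list of weaknesses (from the article's list) found."""
    pw = password.lower()
    findings = []
    if pw in COMMON:
        findings.append("common password")
    # Letters only, substitutions undone, checked forward and backward.
    core = re.sub(r"[^a-z]", "", pw.translate(UNLEET))
    if any(w in core or w in core[::-1] for w in words):
        findings.append("dictionary word")
    if has_keyboard_run(pw):
        findings.append("keyboard run")
    if any(len(t) >= 3 and t.lower() in pw for t in personal_terms):
        findings.append("personal information")
    return findings


def find_reuse(accounts):
    """Group site names that share a password (accounts: site -> password)."""
    by_password = {}
    for site, pw in accounts.items():
        by_password.setdefault(pw, []).append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)


if __name__ == "__main__":
    for candidate in ("123456", "Dr4g0n99", "nogard!", "asdfg2024"):
        print(candidate, audit_password(candidate))
    print(find_reuse({"email": "a1", "bank": "a1", "social": "b2"}))
```

An empty result only means none of these specific weaknesses was found; it does not make a password strong.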

One day we will develop a truly secure password, perhaps a cross-pollination of various access control tools such as biometrics, dynamic-based biometrics, image-based access, and multi-factor authentication. In the meantime, protect your information by creating a secure password that makes sense to you, but not to others.

Use different passwords for each of your accounts.

Be sure no one watches as you enter your password.

Always log off if there are other people in the vicinity of your laptop or other device. It only takes a moment for someone to steal or change your password.

Use comprehensive security software and keep it up to date to avoid keystroke loggers and other malware.

Avoid entering passwords on computers you don’t control, such as at an Internet café or library. These computers may have malware that steals passwords.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop. Hackers can intercept your passwords and other data over this unsecured connection.



In my line of work I get emails such as this one: “Hi Robert, I’m not sure if you saw what had happened on my Facebook page last night, but someone stole my cell phone while I was at a concert, and posted all of my naked pictures off of my phone and posted them to my wall. They were up there for hours.”

Apparently, if you are under the age of 40, this is commonplace. After the age of 40, not so much.

My response: “Horrible lesson learned. And, ahm, maybe no naked pics on your phone? Jeesh. Digital is forever.”

Her response: “That’s what everyone keeps telling me, I should’ve deleted them. Just never thought someone would do that. They could’ve just taken the phone, they didn’t have to embarrass me like that.”

The problem is “they” don’t just look to embarrass someone, they try to sell them, and in some cases extort the victim. We must remember some people aren’t looking to play nice.

The NY Post reports, ““Personal” photos of stunning actress Sofia Vergara have been put up for sale after being allegedly stolen from her fiancé Nick Loeb’s BlackBerry. The sexy pictures, which we’re told are personal in nature but are not nude images, were somehow hacked or stolen from Loeb’s phone before the couple got engaged in July.”

In both of these situations just simply locking the device would solve this issue.

Have you ever thought about what would happen if you lost your mobile phone? For a lot of us, it can be a nightmare if it’s lost, stolen or hacked, especially since an untold number of people are using their mobiles like a bedroom accessory.

But despite the fact that 1/2 of us would rather lose our wallet than our mobile phone, only 4% of us have taken steps to protect our mobile device with security.

We don’t realize that our photos, emails, text messages and our apps can be an open door for thieves into our personal information, privacy and financial accounts.

Mobile devices are on the move, meaning they can more easily be lost or stolen and their screens and keyboards are easier targets for “over the shoulder” browsing. Below are some tips to protect you and your device.

Never leave your phone unattended in a public place

Put a password on your mobile

Set your phone to auto-lock after a certain period of time

When doing online banking and shopping, always log out and don’t select the “remember me” function

Use mobile device protection that provides anti-theft

Mobile device protection can be used to back up and restore the information on your phone, as well as remotely locate it and wipe data in the case of loss or theft. Plus, mobile device protection offers virus, web and app protection.

Ever seek out information online and end up somewhere you never meant to go? I’m not talking about some website that didn’t have what you were looking for, I’m talking about a website that you REALLY didn’t want to go to or would never go to. This is the dark side of the Net.

Think of it like this: when you drive, you might take a wrong turn, and that wrong turn may result in you entering a bad neighborhood. But what’s scary about the dark side of the Web is that you didn’t end up on that website because you took a wrong turn; it’s because you were most likely re-directed there by cybercriminals.

There are 131 billion web searches conducted worldwide every month. Search engines consider numerous factors when you enter terms into a search query to determine what results to send back to you, including the popularity of the search, the number of times a page contains what you are searching on, what the search engine knows about you (like your device type and location), and the reputation of the links. These factors are utilized by marketing teams to make sure that relevant content is seen by you when you enter words to search for in your browser.

But this same process is also used by criminals who are looking to infect your device, and steal your personal information and finances. Criminals know that popular topics are ones that receive a lot of search queries and they use these topics to set up fake sites that are meant to cause you or your device harm.

Currently, there are more than 700,000 websites serving up malicious software and every minute a new phishing site is detected. In order to help you navigate the dark side of the Web and search safely, you should:

Be suspicious: Any links to free stuff or too good to be true offers are suspect.

Be cautious: Searches on hot topics, popular photos or videos are big targets for cybercriminals.

Check the URL: Typosquatting (common misspellings that direct you to a fake site) or even expired domains can direct you to the dark side of the Net.

Protect yourself: Use tools that offer secure Internet surfing. Make sure you use up-to-date comprehensive security software with a safe search plug-in on all your devices and that you are using the latest version of the operating system and browser on your device.
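The “Check the URL” tip can be automated for the sites you rely on. The following is an added example, not part of the original article: it compares a link’s host name against a short list of trusted domains and flags near-misses. The domains in the trusted list are constructed placeholders, and the distance threshold of 2 is an assumption.

```python
from urllib.parse import urlsplit

# Constructed placeholder domains; replace with the sites you actually use.
TRUSTED = ["examplebank.com", "example.org"]


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED, max_distance=2):
    """Return (verdict, matched_domain) for the host name in `url`.

    verdict is "trusted" for an exact match or a subdomain of a trusted
    domain, "lookalike" for a near-miss spelling, otherwise "unknown".
    """
    if "//" not in url:          # allow bare host names without a scheme
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    best = min(trusted, key=lambda good: edit_distance(host, good))
    if edit_distance(host, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "http://examplebnak.com/login",   # constructed misspelling
                 "https://news.example.net/story"):
        print(link, classify(link))
```

An “unknown” verdict says nothing about whether a site is safe; it only means the host is neither on the list nor a close misspelling of an entry.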

The term “cyberattack” or cyberwarfare is defined as “politically motivated hacking to conduct sabotage and espionage. It is a form of information warfare sometimes seen as analogous to conventional warfare although this analogy is controversial for both its accuracy and its political motivation.”

“Weapons of Mass Disruption” are a growing concern. The U.S. and many other countries are electrically and digitally dependent. Our critical infrastructures, including drinking water, sewer systems, phone lines, banks, air traffic, and government systems, all depend on the electric grid. After a major successful attack we’d be back to the dark ages instantly. No electricity, no computers, no gasoline, no refrigeration, no clean water. Think about when the power goes out in your house for a few hours. We’re stymied.

The New York Times reports “Defense Secretary Leon E. Panetta warned Thursday that the United States was facing the possibility of a “cyber-Pearl Harbor” and was increasingly vulnerable to foreign computer hackers who could dismantle the nation’s power grid, transportation system, financial networks and government.”

The threats of a cyberattack are real. Unfortunately this is one of those “it’s not IF but WHEN” scenarios.

The AP reports “President Barack Obama wants owners and operators of essential U.S. infrastructure to meet minimum cybersecurity standards that the private sector and federal agencies would develop together.” And “Republican presidential candidate Mitt Romney says within his first 100 days in office he would order all federal agencies to develop a national strategy to deter and defend the country from cyberattacks.”

Whoever is elected president will face an unknown, unseen digital enemy unlike any other president has seen in history.

Think before you click. Know who’s on the other side of that instant message. What you say or do in cyberspace stays in cyberspace — for many to see, steal and use against you or your government.

The Internet is an incredibly powerful tool that must be used intelligently and cautiously. Do your part to protect your little network and we will all be that much safer.

Use antivirus software, spyware removal, parental controls and firewalls.

Back up your data locally and in the cloud.

Understand the risks associated with the wireless web especially when using unsecured public networks.

Protect your identity too. The most valuable resource you have is your good name. Allowing anyone to pose as you and damage your reputation is almost facilitating a crime. Nobody will protect you, except you.

Why would someone set up a fake social media profile? The answer correlates with news of cyber-attacks on businesses and other organizations being targeted with advanced persistent threats, which have risen sharply over the past two years.

The Register reports “Social engineering via platforms such as Facebook can be one of the early stages of an advanced persistent threat (APT), the latest buzz word on the information security scene and a technique commonly linked to cyber spies operating from China.”

One highly publicized cyber-attack was on Supreme Allied Commander Europe (SACEUR) Admiral James Stavridis, NATO’s most senior military official.

It is believed the social media account in his name was an “attempt to trick colleagues, friends and family into giving away his personal secrets on the social network.”

These cyber-attacks on social media are often used to gather intelligence to crack a password or to gain insight into knowledge-based questions or challenge questions. For example:

  • What’s your favorite food?
  • Where did you honeymoon?
  • Your first pet’s name?
  • Name of your first car?
  • The name of your elementary school?
  • Your father’s middle name?
  • Your mother’s maiden name?

All these questions are meant to bypass social media security and replace that used-to-be-secret-obscure word that only you and your parents would know the answer to.

Officers of a company, or anyone in a pivotal position like HR or accounting, need to recognize IT security risks and realize that, while they may not be a NATO commander, they do have access to company and client data that may be worth serious money to a thief, competitor or foreign government.

Below are a few social media security tips on how to prevent cyber-attacks:

  • Keep social media profiles all business
  • Limit “lifestyle” information and set your privacy setting to high
  • Don’t just friend anyone
  • Be cognizant that someone’s always watching and might be using what you post to access your company data

“Americans have always cherished our privacy. From the birth of our republic, we assured ourselves protection against unlawful intrusion into our homes and our personal papers. At the same time, we set up a postal system to enable citizens all over the new nation to engage in commerce and political discourse. Soon after, Congress made it a crime to invade the privacy of the mails. And later we extended privacy protections to new modes of communications such as the telephone, the computer, and eventually email.” The White House.

Corporations, without any FTC or privacy advocate oversight, would pretty much invade your online privacy. Most major websites now install cookies on your computer, which, over time, help develop a profile that serves as your digital fingerprint. This is why, after searching for a specific product, you may notice advertisements for that particular product or brand appearing on various other websites. This is generally harmless.

A cookie is a small piece of text or code that is stored on your computer in order to track data. Cookies contain bits of information such as user preferences, shopping cart contents and sometimes user names and passwords. Cookies allow your web browser to communicate with a website. Cookies are not the same as spyware or viruses, although they are related. Many anti-spyware products will detect cookies from certain sites, but while cookies have the potential to be malicious, most are not.

With privacy watchdogs addressing this kind of advertising as a major concern, and the Obama administration now stepping in, we will surely see the implementation of some standards in this kind of marketing practice over the next few years.

The New York Times reports “The Obama administration and the nation’s chief privacy regulator pressed Congress to enact online privacy legislation, saying new laws would level the playing field between companies that already had privacy policies and those that lacked them, and thus escape regulatory oversight.”

The White House has put forward what it calls a Privacy Bill of Rights to provide basic online protection guarantees. Read up, and recognize you have rights.

The Obama Administration’s framework consists of four key elements: A Consumer Privacy Bill of Rights, a multi-stakeholder process to specify how the principles in the Consumer Privacy Bill of Rights apply in particular business contexts, effective enforcement, and a commitment to increase interoperability with the privacy frameworks of the US’s international partners.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 

We use the web to search, shop and to connect with friends and family. And in the process criminals are trying to steal from us.

It used to be that a person only had to know not to open a file in an attachment from someone they didn’t know. Today there are more ways than ever that your PC can be hijacked.

Today you can simply visit a website thinking you are safe, but the bad guy was there before you and injected code on the site, and now it infects your outdated browser. That’s a “drive-by,” and it’s very common today.

Protect yourself:

Update your browser. Internet Explorer and Firefox are the most exploited browsers. Whenever there is an update to these browsers, take advantage of it. Keep the default settings and don’t go to the bowels of the web where a virus is most likely to be. Consider the Google Chrome browser, as it’s currently less of a target. Systems using old or outdated browsers such as IE 5, 6, or older versions of Firefox offer the path of least resistance.

Update your operating system. Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. No matter what brand of computer you are on, you have to update the critical security patches for your Windows operating system. Microsoft will no longer support Windows XP after 2014, so start thinking about upgrading to Windows 7 or wait for Windows 8 (which is pretty sweet). Go to Windows Update. Keep your critical security patches up-to-date by setting Windows Update to run automatically as well.

Update Adobe Reader and Flash. Adobe PDFs and Flash Player are ubiquitous on almost every PC, which makes them a prime target for criminals. To update Reader go to Help then Check for Updates.

Don’t be suckered into scareware. A popup launches and it looks like a window on your PC. Next thing a scan begins. The scan tells you that a virus has infected your PC. And for $49.95 you can download software that magically appears just in time to save the day.

Beware of social media scams. Numerous Twitter (and Facebook) accounts including those of President Obama, Britney Spears, Fox News and others were taken over and used to make fun of, ridicule, harass or commit fraud. Often these hacks may occur via phishing email.

Surfing pornography websites increases your risk, as does frequenting gaming websites hosted in foreign countries. And don’t engage in risky online activities that invite attacks.

Downloading pirated content from P2P (peer-to-peer) websites is also risky. Remember, there is no honor among thieves.

Make sure to set your antivirus software to update automatically. Use a paid product that provides antivirus, antiphishing, antispyware and a firewall.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto. 
