A hacker doesn’t forgive mistakes - that is why online security is so important

A hacker doesn’t forgive mistakes - that is why online security is so important

March 19, 2020 | #selfevolution academy

We all know the Internet means entertainment. It is like bottomless well with all the funny and interesting things, it is also a vast source of news, useful information and great knowledge. But the most important fact is that the goal of the Internet is connecting people, and behind another side of the screen sits another user, real man you don’t know and probably he also doesn’t know you. People are different, and you never know who you'll meet on your way through the nooks and crannies of the network. Slowly every aspect of our lives becomes connected with the Internet. We store there our private data, our addresses, our confidential messages, our photos, and our funds.

And always when there’s a value, there will be bad people, who want to steal or use it for their own, often bad purposes. Consequences can be terrible, leading not only to losing hard-earned money, but also interfering the whole life of you, your family, friends. Possibilities can be numerous from stalking and internet trolling, to real deeds like burglaries or life-threatening crimes.

 

That’s why online security is one of the most discussed topics nowadays, and war between developers and hackers never stops. Companies are making everything to make sure that clients visiting their website is safe. The end result always depends on the user himself, his caution, responsibility, and flair, but there are simple precautions, that you can take, to increase your peace of mind, and extremely hinder hackers’ “job”.

 

A green bar means a green light!

Ever wondered what the padlock symbol near the website’s URL means? It is the sign, that this particular domain is supported and protected by an SSL certificate. It means, that page you visit transfers data between servers in encrypted, locked form, possible to unlock only with special private keys. Of course, it happens out of sight, and often we don’t even pay attention to this, but SSL certificates are crucial when it comes to Internet security. They make sure that any data transferred by this website is impossible to decode by scammers who try to take it over. URLs of domains secured by SSL certificates begin with HTTPS instead of HTTP.


For regular websites, a standard SSL certificate is enough, but when it comes to platforms that are used to store and process important information, vulnerable data or provide financial and banking services there is a need for something even more trustworthy. That’s where Extended Validation SSL comes to help. Technically the level of encryption stays the same, but thanks to advanced validation program EV SSL is far more secure. This type of certificate is issued only to companies who pass a series of extensive procedures confirming their authenticity and present appropriate documents. Domain with an active EV SSL certificate can be recognized with URL over green-colored address bar in the browser, and name and country of origin of the company which is the website owner. Nowadays browsers are often dropping the green bar idea in subsequent updates, but certificate status can still be checked by clicking a padlock icon, there the name of certificate holding company should be visible.


Remember, always check if the website you want to entrust control of your data or money, has EV SSL certificate installed. Green color and name mean you’re on the real and trustworthy page and you are good to go. 

 

Password is the basic step – but also basic to break


Login and password are the duos we are used to and know it from the very beginning of our journey through the web. Their importance is often neglected, passwords set by web users are weak, they contain standard character strings like “123456” or “qwerty” which are always the first guess. But the facts show that even low-end hacker, especially with a little help of our inattention, can break any password no matter how many lower and uppercase letters or special characters you put in it. Sometimes visiting suspicious or fake websites, opening an infected link, or downloading a file from an unreliable source can let a keylogger to your hard disk, which can save everything what you type on your keyboard, yes, your login and passwords too. A good method to protect from it is using screen keyboards, where keys are clicked with a mouse pointer. Anyway, using only login and password is not, and never was, a secure way to keep your private data or assets out of reach for potential scammers.

 


One additional step for the user, huge push back for the hacker


That’s why two-factor authentication (2FA) systems were invented. They require a user to prove his identity by performing one additional step in order to login to the system. This step is always independent and requires using another device or another medium to confirm the process. There are many methods how 2FA can work. The most popular is an email with confirmation link or PIN-code sent by SMS, but the most convenient for users are special apps like Google Authenticator, which display temporary codes, connected exclusively to your account, that need to be rewritten directly after a login attempt. Only correctly entered code will give access to the platform.


All 2FA procedure takes no more than half a minute, but can extremely complicate or even totally prevent hacking of your account. Without it, all what is needed to access your privacy is knowing your login and password, what is quite easy as we previously mentioned. With two-factor, scammer needs access to your email or what is even harder, to your mobile phone. Without codes displayed in the app which are exclusive only for you, access is impossible. The risk of being robbed from funds or private data is reduced almost to zero.

 


But why?


Strange demands when creating new passwords, email confirmations, two-factor authentications, all these procedures may seem irritating when they are obligatory. You can get the impression, that developers do not respect your time, making you to go through all these steps, but experience shows that many Internet users are completely unaware of threats that may catch them when surfing the web. It is not physically possible to educate all the people and be sure they follow all the security rules by themselves, sometimes you have to force them to take mandatory actions, to ensure that their private data is safe. The more security precautions are implemented the more comfortably end users can feel when connecting to the service. Every of this additional verification steps is a symbol of the company's care and responsibility for their client. Although user experience may seem to suffer at a first glance, in the long run all these safeguards will pay off in positive reviews, good security ratings and what’s crucial unmatched safeness of customers vulnerable data and funds.

 


Hold your guard


In the end, even most sophisticated security systems will not help, when there isn’t any caution, responsibility and awareness. We tend to forget that funds represented on the screen are not just a series of digital numbers, but real, valuable capital. Moreover, there is common thinking, that scamming, stealing data or hacking accounts is something distant, something that doesn’t apply to us. That leads to lowering the guard and disregarding the risk, which is real and comes from the side that we are not suspecting. So next time when you are asked to add a special character to your favorite password, or confirm your login with a code, remember that someone didn’t design it like that to upset you, but to play with you side by side.