Continued from page 1

Of course, I’m not smart enough to have a system like that for myself.

Whatever system you adopt, it’s good to change your password _ and system _ from time to time. And if there’s reason to believe your password might have been compromised, change it immediately.

One other thing to be aware of: Many sites let you reset your password by answering a security question, such as the name of your pet or the name of your high school. Of course, these violate good password practices by requiring you to use something that can be easily looked up. Others ask for your favorite movie or hobby. That might not be easily looked up, but your tastes change over time. Furthermore, because these questions get repeated from site to site, the answers you use violate the rule against repeating passwords.

I try to make these answers complex just like passwords, by adding numbers and special characters and making up responses. Unfortunately, some sites won’t let you do that, and you’ll be stopped if you try to enter a numeral when asked for a city name, for instance. These services will often send an email when a password gets reset this way, so be sure the address on file is current. Change your password and security questions immediately if you’re notified of a reset you didn’t initiate. You might want to contact the service as well.

While you’re at it, make your username complex, too, if you’re allowed to choose one. Banking sites typically do.

Some services such as Gmail even give you the option of using two passwords when you use a particular computer or device for the first time. If you have that feature turned on, the service will send a text message with a six-digit code to your phone when you try to use Gmail from an unrecognized device. You’d need to enter that for access, and then that code expires. It’s optional, and it’s a pain _ but it could save you from grief later on. Hackers wouldn’t be able to access the account without possessing your phone. Turn it on by going to the account’s security settings.

Beyond passwords, here are a few other things to help you stay safe:

_ Software flaws. Many break-ins result from flaws in the software program you use, whether it’s the Windows or Mac operating system, a Web browser or a video player. It’s a good idea to let those programs automatically check for software updates, as those updates may contain fixes to known flaws. You can also check this government website to learn of the latest threats and fixes: http://us-cert.gov.

_ Malicious software. Even if the software you’re using is flawless, hackers may create a security opening by tricking you into installing a malicious program. That can happen if you click on a bad email attachment or link in your email. In rare cases, visiting a problematic website can cause the software to download. Should malicious software get on your computer, a hacker might be able to use the opening to look around for sensitive data, or record your keystrokes to capture your complex passwords. To minimize the threat, use caution when visiting unknown sites or opening mysterious email.

_ Security software. Many companies sell anti-virus and other software to protect your computer from malicious software. There’s a free one available at http://www.avg.com. Windows and Mac computers also come with firewalls to block some threats. Be sure it’s turned on.

Think of these measures as layers of defense. If one gets breached, there’s another to back you up. But eventually, the intruders will get through. Slow them down by making each layer as strong as possible.

___

Anick Jesdanun, deputy technology editor for The Associated Press, can be reached at njesdanun(at)ap.org.