Security 101: November 2012

How can we find out if we are really secure when we’re using online banking?

There is no way to be really secure. However, there are ways to reduce the risk to a minimum acceptance level. Just ensure the following have been fulfilled:
- If you use wireless to access the network, make sure that you use an encrypted connection. If not, somebody might play man-in-the-middle
and intercept the traffic between your browser and the bank. This can happen even if the bank uses HTTPS.
- Always install and update your antivirus solution that offers real time protection. Better yet, consider a security suite that has a lot of protective measures integrated than the rest.
- Make sure to regularly perform a virus scan your computer.
- When logging into a bank website, make sure the web URL is correct.
You should always write the address yourself and not click in emails or select bookmarks.
- Check the authenticity certificate of the bank. You can do that by
clicking on the small lock present either near the URL in the browser address bar or in the status bar on the bottom of the window (depending on the browser type used).
- If you observe that the computer is slower than usual or the browser takes longer than normal to write characters, you may have a keylogger or rootkit hiding on your PC. These malicious programs sometimes react only when you visit certain websites (like that of a targeted bank). Do not type your bank credentials in this case. Scan your computer in Safe Mode or from a Rescue System.
- You can also install a virtual keyboard (some security suites have it built-in) in order to prevent keyloggers from stealing your keyboard inputs.

 

How do I manage all of my passwords in a secure manner?

The best and most secure way to manage your passwords is to keep them in your head and make sure that only you can remember it. There is no software solution out there which can guarantee you 100% security. The reason for this is that at some point, the password has to be a unencrypted and either presented to you or directly introduced in form, which requires a password. This operation is unencrypted and have malware that target such vulnerabilities.
But, even if there are not so many malware targeting this process, what do you do if you need your password and you are not near your computer which holds the password manager?

There are easy ways in which you can create complex passwords and also help you to remember them. For details, please visit the Avira Techblog: Improve your security #9: create good passwords

 

 

Sorin Mustaca

IT Security Expert