security » Technology Tools for Real Estate

Wi-Fi Hotspots are a great boon to real estate professionals and anyone else who works on the road instead of in the office behind a desk. But while hotspots are convenient they also creates computer security risks.

Hotspots that are easy to log on to offer no data security and no encryption. That means others can intercept your data as it travels to and from your computer. When you type something and hit enter and the wireless signal you’re using has no encryption, the information you type is available for others to see and use. The guy sitting with a computer out in the parking lot or the hacker who lives upstairs over the Starbucks could easily intercept your data and grab passwords or other sensitive information you’re sending.

So when using your computer—or your smartphone—on a public wi-fi signal, it’s a good idea to use SSL. The SSL (Secure Socket Layer) protocol encrypts your data so that anyone intercepting it will only get gibberish. To use SSL, enter an “s” after “http” in the URL. So for example, if you’re visiting Google and you want to do an encrypted search, start by typing https://www.google.com. That s at the end of http, ensure that your data is scrambled as it travels over the Internet.

It’s possible to engage SSL when you log onto Facebook, Twitter, and Foursquare and many other sites. Foursquare does it for you automatically (Try logging on to Foursquare right now without using https and you’ll see that Foursquare changes it for you automatically.) In Facebook, you can put it in manually when you need it, or you can change your account settings so that SSL is automatically engaged each time you log in.

Also, if you use Firefox as your browser, you might want to install HTTPS Everywhere, an add-on that engages SSL whenever the website you’re visiting offers it.

If you’re ever had your e-mail hacked into, you know how frustrating the situation can be. Friends, family members, and clients are getting rogue messages from you that you didn’t send and it can be a headache to get things back to normal.

Your e-mail system has a number of safeguards in place to make harder for someone to hack your e-mail and easier for your to regain control of it—but the safeguards can only work if you’re taken the time in advance to set them up well.

So right now, run this check to be sure your e-mail is secure.

Change your password. When’s the last time you changed the password you’re currently using. The longer the use the same password, the longer a potential hacker has to figure it out.
Choose a strong password. Select a password that’s at least 8 characters long and has a mix of upper and lowercase letters, numbers and special characters. Make sure it’s not a give-away like “password” or “123456.” Also, it should not be a name, a birthdate, or a word found in the dictionary. Check out our earlier post on how to create and remember a strong password.
Review your security questions. If you can’t remember the answers, they won’t be able to help you if you need to reset your password. Choose new questions and answers now if you need to.
Check your backup email. Make sure you still have access to your secondary email account, the one they’ll send a message to if you get locked out of your primary account. If necessary, set up a new secondary account or arrange for reset information to be sent to your cellphone.

If someone does manage to hack into your email, follow the three steps on our sister blog to get things back to normal.

Recently, Gawker Media, host of several popular websites, revealed that hackers had breached its servers and exposed the passwords of thousands of people who have commented on Gawker sites.

Gawker’s security breach is a reminder that our passwords need to be strong and we need to use different ones on important websites to protect our most sensitive information. But who can keep up with all those of passwords?

One solution is to use a password manager. Most current browsers and operating systems have some kind of password management function. For example, Windows 7 has Credential Manager, Mac OSX has Keychain, and the Firefox and Chrome browsers both have a Password Manager. These can get you started, but keep in mind that they work by encrypting your passwords and storing them on your computer. If you lose your computer or you need to log in from another location, computer-based managers such as these won’t be of much help.

Another option is a software/smartphone app combination. One that works well is mSecure. Purchase and install the mSecure software on your Windows or Mac computer for $14.95 and store your passwords, your credit card information, your kids’ social security numbers or any other sensitive data in an encrypted file on your computer. Then purchase the iPhone app for $4.99 and wirelessly sync your sensitive data to your smartphone. Then, when you’re at your computer and you need a password or other important data, you can look it up using the mSecure software on your computer. When you’re away from your computer, you can access the same information via the app on your phone.

SplashID works in a similar way and offers apps not just for iPhones, but for Android, Blackberry, Windows OS phones and others. Purchase the desktop software for $19.99 and the smartphone software for $9.99.

Still another kind of password manager stores your password data in the cloud. LastPass is one such product. It can store passwords as well as sensitive documents, and it works with most popular browsers and operating systems. Download and install the free browser extension. Then, as you surf the Net and enter passwords, LastPass remembers them. The next time you use your computer, log into LastPass and it will automatically fill in your passwords when you visit your favorite sites. LastPass can be installed on each of your computers so you can have access to your passwords wherever you happen to be working. And mobile versions of the software allow you to access your passwords while you’re on the go.

We’ve only scratched the surface here; there are dozens of other password managers. With so many good products to choose from, there’s no excuse for not using strong, unique passwords on every site you visit.

A recently-released report by a California-based security company revealed that millions of computer users are selecting passwords that make it easy for hackers to gain access to their accounts. Are you one of those people?

The company, Imperva, analyzed 32 million passwords in December 2009, and discovered that:

30% of all computer users select passwords of 6 characters or less. The shorter the password, the easier it for a hacker to guess.
Nearly half of all computer users create easy to remember (and therefore easy to guess) passwords, using slang words, dictionary words, or familiar number combination. The most common password, for example, is “123456”. Among the top 5 passwords are: “12345”, “123456789” and “password”.
Half of all computer users use the same password for all the websites they visit. This means that once a hacker figures out a victim’s password at one site, it’s easy to invade that person’s accounts on other sites.
Almost 60% of users create passwords from a limited number of characters. Passwords should not spell out a recognizable word and should contain upper and lower case letters along with numbers and special characters such as “!@#$%%^”.

If you’ve made any of these mistakes, you should take the time to review and change your passwords. Choose strong passwords and use these techniques to help remember them.

hacking for password I read with amazement not too long ago, the story of how a hacker broke into the company records of the top management at Twitter. He did it in part by exploiting common passwords mistakes made my Twitter employees.

How many of these mistakes do you make?

Use the same password on every site. Imagine if everybody in your neighborhood had the same front door lock. A thief who stole your keys would have access to the contents of every house on the block. We don’t do it with keys and you shouldn’t do it with passwords. There are tricks you can use if you have trouble remembering lots of different passwords.
Use “password” for your password. Or your username. Or your birthdate. So many people do this that when hackers are trying to guess your password, they often try these obvious ones first.
Write your password on a piece of paper and post it on your computer. You trust your co-workers and your family members, but don’t forget that occasionally strangers (e.g., repair people, cleaning people, clients you don’t know well, etc.) may be near your computer.
Make it too short. The more characters your password has, the better. Most applications require at least six to eight.
Make it too weak. A good password should be a random collection of characters; it should never spell out a real word. Instead, it should include upper and lower case letters, numbers, and special characters like “^” or “%”.
Assume it’s okay to have a weak password on your e-mail account. People often think, “It’s only my e-mail. Who’d want to hack into my discussions with my spouse about what movie we’re going to see?” That part is true. But it’s also true that when you forget a password, most applications e-mail you a link that let’s you reset. Some actually even e-mail you the forgotten password. A hacker in your e-mail could get access to another more important account that way.
Keep the same password forever and ever. Hackers can be a patient bunch. Keeping the same password gives a would-be hacker months, weeks, even years to guess it.