Online Security – My Journey Down The Rabbit Hole

You think you are safe and secure online?  You are not.  You are smart, you learn all about how hackers can get at your websites, exploit your data, change your pages, or extort you as I read in this article:

If you are outraged after reading, I just want to let you know that Naoki did get his Twitter handle back after much effort.  So ultimately extortion is illegal and companies will try to help you out after they check every last detail.

Preventing security problems is what we really want.  We want to prevent somebody from getting into our Paypal, Amazon, or Godaddy accounts.  We want to prevent somebody from spending on our credit card after they extract it from an online database.  We want to prevent somebody from phishing our password then using it to post on our facebook account.

All I can say is good luck.  My understanding after much research is that hackers are getting smarter all the time.  But you can take some basic steps to improve your odds:

  • Use a unique password for each site that has your credit card information
  • Use two-step authentication with your cell phone on every site you can
  • If you have a Godaddy account (or any other web hosting), avoid using the same credit card from Godaddy on any other web site
  • The bigger websites are the biggest target for hacks: Amazon, Paypal, eBay, Google, Facebook, Walmart, etc.  Be the most vigilant with them.
  • Banks are usually very good with security but make sure your bank requires more than just a password to get into your account.
  • Never, ever click on a link in an email then sign into any web site.  In some cases, password resets may be the exception, but only if you are expecting them.

As far as our website security, we take the following precautions:

  • We do not take your credit card for any reason on our site.  We do not even do paypal.  Note that our partners do take payments.
  • We use an SSL certificate for splashplan.com.  We do not use one for The SplashPlan Blog.  You do not sign in on it.
  • We store your password and password reset codes in encrypted form in our database.
  • Our form fields are escaped to prevent SQL insertion.

Nothing we can do will entirely prevent a hacker from getting in.  But we have very little sensitive information. Please make sure to use a unique password with our site.  Nobody can see it on our site, not even me, but it is a good idea anyway.

Is there anything you can add?