Your Privacy and Security
Strong, Practical Passwords
If someone has your login info, THEY ARE YOU. They can do anything you can do, including mess up your account, send messages to others as if they are you, steal your money, ruin your credit, and change your password so they can carry on while you can't even get into your own account! You don't want this on social media sites, or school or work sites, and certainly not on financial, medical, or legal service sites.
Do not use passwords based on names of children, pets, favorite musicians, sports teams, colors, numbers, birthdates, or other things that can be guessed by people who know you. Sadly, a large portion of cybercrime is committed by people who are close associates of the person or company they violate. Do not base passwords on numeric or alphabetic sequences, physical patterns on the keyboard, or approximations of real words. These are commonly used, and are at the top of the list of things both human and automated attackers try. Automated attackers can run at speeds in excess of a billion attacks every three minutes, and are getting faster all the time.
Instead of making it easy for someone to break into your account, you can give them only one chance in 6 quadrillion. Your password for any site should include at least one each of upper case, lower case, digit, and non-alphanumeric character, be at least 8 characters long (preferrably 12), and not be based on words, sequences, or personal information. Do not waste your power by choosing "clever" and super-guessable passwords like "p4$$w0rd", "let_me_in1", your cat's favorite TV show, or your least favorite vegetable. If you move up from 8 characters to 9, your password will be one in 573 quadrillion, and at 12 character it's one in 4.76x1023 (4.76 sextillion) Since most passwords are 6 or or 8 characters long, even automated systems won't even try to guess one as long as yours for a long time.
Okay, okay, but then how do I make it something I can remember?
We all have so many passwords to so many accounts these days, the best thing to do is use a password manager that syncs your passwords across your computers, phones, and tablets. Then you can use super tough passwords like "2k%c@zgtQ!2pGF3qJvpETAk!GT#@crpZ" (at 32 characters long: 1 out of 1.4x1063!) and yet not have to remember them at all -- the program will remember them for you. This is the best course of action.
If you are not using a password manager, then a good practice is to make up a memorable nonsense phrase such as "five fierce frogs ferociously flick flies" (picture it vividly!) for each site you use. Make up a phrase you will be reminded of by the site itself. For example, applying the frog theme to a banking site, you might use "financial frogs fund foreign investments".
You might then take the nth letter of each word. For example, taking the 3rd letter of each word here yields, "nonrv". Then make sure you have at least one upper case letter, one lower case letter, one digit, and one other character, producing something like "non_RV*5". This might seem difficult, but when you pick the phrase yourself it can really work. Sometimes you can also pronounce the result ("non RV 5") or make up an image in your mind (the driver of an RV wants to get into the bank's parking lot, but there are five signs that says RV's are not allowed).
If someone hacks your Facebook account, that's annoying, and possibly damaging, but why make it easy for them to also hack your bank account? By using the same or similar passwords across multiple sites, that is just what you do. Use a different password for every site!
If someone gets into your email account, they can probably find enough personal information there to commit extensive identity theft, both online and in the physical world of phones, mail, and even face-to-face encounters. As a "mega-key", your email account password is only slightly behind your computer password as the most important. Make it super strong.
If you let your browser remember your passwords (which is reasonable), understand that if anyone steals your computer, or you forget it somewhere, the one little password you have for logging in to your computer is the only thing protecting your bank accounts, social sites, and everything else you use on the net or store on your computer. And that's only if they get to your computer when it is locked. If they get it before your screen saver kicks in, you're toast. Your computer password is in first place as the most important. Make it super strong.
Do not write down any login id or password on a "sticky note", on a card in your wallet, in a non-encrypting app on your phone, or anywhere else at all.
Do not use passwords based on things people know about you, numeric or alphabetic sequences, physical patterns on the keyboard, or approximations of real words.
Use one of the several really good password managers that sync across computers, phones, and tablets. Have it generate and remember really complex passwords for you, and don't worry, be happy.
If not using a password manager — why? But if not, note that a password like non_RV*5 is much stronger than "clever" ones like p4$$w0rd or let_me_in1. The right memory aid makes even a strong password easy to remember.
If someone hacks your Facebook account, why would you want to make it easy for them to also hack your bank account? Use a different password on every site.
Your computer password and your email account password can be the only protection you have against complete identity theft — make sure these two passwords are very strong!
Lost or Stolen ID or Password
If you think someone other than you might be able to log in to any of your accounts, login to that account right now, go to your account settings, and change your password. This will prevent them from logging in with the old password. If they have changed your password and you can't get it, contact the site right away.
Any time you want to change your id or password, login, go to your account settings, and proceed from there.
Don't Get Hacked in the Coffee Shop
In a coffee shop, the library, or even in your own home, if you log in to any site over WiFi and someone "sniffs" (electronically listens to) your login info, they can steal your login id and password and impersonate you. They can do anything you can do, including mess up your account, send messages to others as if they are you, steal your money, ruin your credit, and change your password so they can carry on while you can't even get into your own account! You don't want this on social media sites, or school or work sites, and certainly not on banking, medical, or legal service sites.
Before you log in to any site, check that the URL in the address bar begins with "https" (notice the s at the end) — not "http". If you do not see that s before you log in, do not log in! "http" is okay for just looking, but any place you buy something, or have a login, and any place that shows or asks for personal information should protect you with https from before you login or see or enter any personal information until you log out.
No matter where your computer is, keep it protected with anti-virus / anti-malware software, a firewall, and a locking screen saver that kicks in after just a few minutes of inactivity. If you don't know about these things, ask your friend who does to help you out. Since your computer has a lot of personal information on it, and also stores the passwords for most or all of the social, financial, and medical sites you visit, use a strong password for logging on to your computer itself. See the section about Strong, Practical Passwords on this page.
Never leave your computer alone "just for a minute", to grab a napkin at a coffee shop for example.
Do a web search to find out how to encrypt your computer's disk and do it (or have your more technical friend do it for you). It won't affect how you use the computer. Once you set it up, it automatitcally protects your personal data and your computer's functioning if someone else tries to get into it after your computer has been powered off.
When using a shared computer in a library, store, or elsewhere, only visit websites that require no login and neither collect nor show any personal information. Never make a purchase on a public computer. You will not know, and the librarian or retailer will not know whether they have been infected with keystroke logging or other malicious software that can make criminal use of your information. Public access computers are just not safe.
If you must log in from the computer of a trusted friend instead of using your own, see that they are running anti-virus / anti-malware software and a firewall, and then only use their browser in it's "private" mode, or "stealth" mode, or whatever that browser calls the mode in which it erases all traces of your activity when you close the browser. Be sure to close the private browser window when you are done.
Look for "https" (not http) at the beginning of the URL on every site's login page *before* you log in, and throughout your entire interaction with the site.
Make sure the URL indicates the site you expect. For example, wellstargo.com is not wellsfargo.com!
Protect your computer with firewall and anti-virus / anit-malware software, a strong password, and a quickly-triggered screen saver. Don't leave your computer "just for a minute" when you are in a public place.
Do not use public computers to visit sites that require a login or show or ask for personal info, and don't provide a credit card. They may be infected with programs that steal login information and send it off to criminals. When borrowing a computer from a trusted friend, use the browser's private mode.
About Your Personal Information
Communication between your browser and this site is protected with state-of-the-art TLS encryption. (This is often called "SSL" out of habit, but TLS is more secure than the old SSL standard.) We use TLS for all traffic, even public pages like this one that contain no personal information. You should not use any site that requires a login or asks for or displays sensitive information unless it provides TLS-based protection from before you log in until you log out. If it does, you will see "https" (not "http") where you type the web address of the site you are visiting.
When sensitive items (name, email address, password, ...) are stored in our database, they are encrypted. If someone stole them, they would see something indecipherable like "@)d$2,k%s9Ls#" instead of a name, phone number, or other sensitive information.
We do not sell or give your personal information to other persons or companies. We do not store anything in browser cookies that would be of use to a hacker, site tracker, ad campaign, or other purposes, so even if you were hacked, there is nothing from us for hackers to leverage. We do not read cookies from from other sites, or track your use of other sites in any way.
Most sites use session identifiers that are not cryptographically strong, often in cookies and or headers that are not secure. This means your sessions with other sites are vulnerable to a hacker stealing or faking your session identifier and passing themselves off as you. We employ cyrptographically secure session management techniques, and hide them within an encrypted tunnel.
Web activity monitoring such as that used by Google, Facebook, your internet service provider, or others might detect the pages you visit on our site (but nothing more specific than that), and possibly factor that into what advertising they show you. We cannot prevent this. In some cases you can prevent or reduce this with an option on those other sites, or in your browser, or by using privacy-focused browsers, search engines, service providers, or other services.
When it comes to computers and the internet, the biggest risk to your privacy is *YOU*. We are doing our part, but you need to do yours. If you read nothing else on this page, read the section on Strong, Practical Passwords!
Any time you want to change your id or password, login, go to your account settings, and proceed from there.