There’s a lot going on behind the scenes as you surf the web. You might have heard about things like “cookies,” but do you know what they do or what else your browser is storing?
Whenever you use your browser, the sites you visit and actions you perform result in information being saved. This data is typically used to make navigating the web easier for you in the future.
Many different pieces of information are being stored while you’re online. Cookies are just one part of the equation. There’s also your browser’s cache, history, autofill information, saved passwords, and even more little bits of data.
Why does it matter?
You might be asking why you need to know about your browser data. Depending on the situation, you might want to change certain browser settings or learn how to clear your data. Understanding your browser data can do the following:
- Avoid privacy or security issues
- Help you make the right decisions with your settings
- Underline the importance of clearing your data
- Help you decide what data to clear
- Show you how some websites work
- Make it easier to troubleshoot problems
Also, many people use a browser on their computer, phone, or tablet every day. That’s a lot of data. It’s important to stay informed and know what’s being saved.
What data is being stored?
A lot of different kinds of information get stored while you’re using the web. In this article, let’s talk about some of the biggest types of data being saved, including how they work and what to watch out for.
What’s typically being communicated is information about what you’re doing on the site. Cookies help keep track of visits to a certain website, certain pieces of information, and things like what’s in your cart at an online shop. For instance, when you go back to a website and see your login information has been saved, it’s likely that cookies were used to do this.
There are two main types of cookies you should know—session cookies and persistent cookies. Session cookies are stored temporarily. Once a “session” is over, the session cookie is gone. This means you simply need to close out of your browser to lose the cookie. Persistent cookies, though, stick around. These are the kinds of cookies that help do things like save login information or preferences you’ve indicated on a website.
Though cookies are very helpful, it is possible for unwanted cookies to collect data about your visits and then be used in ways that aren’t helpful to you. For instance, some cookies can be used to keep track of your interests and show you ads based on those interests. This practice is concerning to some people. One way to try to combat this is to see if your browser allows you to block third-party cookies. These cookies are sent to your browser from a source other than the website you’re on—often from an ad on the page.
However, for the most part, it’s typically recommended to allow your browser to accept cookies. If you’re visiting safe websites, you’re probably not encountering unwanted cookies. They make visiting sites a much easier and more enjoyable experience, as well.
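The session, persistent and third-party distinctions described above can be read directly from the `Set-Cookie` headers a browser receives. The following is an added example, not part of the original article; the host names and header values are constructed, and the "same site" test is a simplification noted in the code.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime(attrs, now):
    """Return 'session', 'persistent' or 'deleted' for a cookie's attributes."""
    # Max-Age takes precedence over Expires when both are present.
    if "max-age" in attrs:
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "deleted"
        except ValueError:
            pass  # malformed Max-Age is ignored; fall through to Expires
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # unparseable date is treated as absent
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        # An expiry date in the past tells the browser to drop the cookie.
        return "persistent" if expires > now else "deleted"
    # No expiry information: the cookie ends with the browser session.
    return "session"


def site(host):
    # Simplification (assumption): compare the last two labels of the host.
    # Real browsers use the Public Suffix List to find the registrable domain.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(page_host, response_host, header, now):
    """Label one cookie by lifetime and by who set it."""
    name, _value, attrs = parse_set_cookie(header)
    same = site(page_host) == site(response_host)
    return name, lifetime(attrs, now), "first-party" if same else "third-party"


# Constructed sample: the page being visited and the responses that set cookies.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
PAGE = "shop.example.com"
SAMPLE = [
    ("shop.example.com", "sid=abc123; Path=/; HttpOnly"),
    ("shop.example.com", "remember_me=1; Max-Age=2592000; Secure"),
    ("ads.tracker.example.net",
     "uid=7f3a; Expires=Thu, 01 Jan 2026 00:00:00 GMT; SameSite=None; Secure"),
    ("shop.example.com", "cart=; Max-Age=0"),
]


def report(page_host=PAGE, responses=SAMPLE, now=NOW):
    return [classify(page_host, host, header, now) for host, header in responses]


if __name__ == "__main__":
    for name, life, party in report():
        print(f"{name:12} {life:11} {party}")
```
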
Your browser history is pretty straightforward: it displays the sites you’ve visited in the past. Your history is a recording of the sites you’ve gone to, including the name of the page and when you visited. Depending on your browser, your history might go back to pages you visited months ago. This can be really helpful to you, because if you forget to bookmark a site, you can always go back and find it in your history.
If you’ve ever been told to “clear the cache,” you might have done so while wondering what you were even deleting. The browser cache is a way to save certain things on websites in order to load things more quickly and efficiently in the future. Pages or pictures on a website might be saved to the cache. This means that if you visit a site and certain images are saved to the cache, then the next time you try to load another page on the site with those images on it, they won’t have to be accessed from the website all over again—they’ll just be displayed from the browser cache.
This can be really helpful if you’re clicking through multiple pages on a website and there’s, say, an image at the top of each page being used as a banner. You won’t have to load it from the website every single time you click on a new page. Not only does this mean that things load more quickly for you, it also means it takes a bit of stress off the website’s server.
Autofill data is typically form information that’s saved for later. Think about all the times you’ve entered your address in a form. Storing autofill data means that next time you need to enter your address, you might not have to type it all back in again. This works with all kinds of information. Different areas (or “fields”) of a form often have names assigned to them. Autofill can use these names to identify which field to enter each piece of information into, so it won’t accidentally put your city in the field asking for your phone number.
Some browsers can also save your passwords for you. If you’re using different passwords for each different account you have (which you should—take a look at my article about managing your passwords!), then those passwords can be difficult to keep track of. You often have the option to let your browser remember the password for you. This password data is typically saved to just that certain browser on that specific computer.
Though it’s likely tempting to take this option, be careful! If you’re using a shared computer, others will have access to your accounts. Keep this in mind, and make sure you never save your password to the browser if strangers will have access to it.
What you can do with your browser data
Now that you know about some of the data your browser is storing, you can make some informed decisions. Data takes up some space on your devices, and some of the stored data may be totally useless to you (or even completely unwanted), depending on how you typically use your browser. The good news is, you do have some choices when it comes to your browser data.
Change your settings
Most browsers allow you to change your settings to fit your needs. For instance, you can choose to block third-party cookies, or, if you want, even block all internet cookies. You might also want to turn autofill on or off. Depending on your browser, you can likely edit your autofill information, as well. If you have a new address, you can update your old autofill information. If you saved some information by accident, you can delete it. You can also turn saved passwords off and on, as well as delete passwords. Most of this data can be managed in some way.
In Chrome, you can find these kinds of options in your Settings under the Advanced section. In Firefox, these options can be found in the Options under Privacy & Security. Similar settings can be found in most popular browsers.
Clear some or all of your data
You can clear your browser data as often as suits you. Unless you’re having issues with your browser, you probably don’t really need to clear your data. On the typical PC, browser data doesn’t usually take up that much space. Of course, phones and tablets can be a completely different story. If you don’t have much space left on your phone, clearing your browser history actually can make a notable difference.
Also, you can clear data if you have any privacy concerns. If you share your device, you might want to clear your history. (You can also bypass this altogether by using something like Chrome’s incognito mode, which prevents browser data from being saved while in use.)
You can typically choose which data to delete and how far back you’d like to go. For instance, you might only want to delete your history so you keep your cache and cookies for easier browsing. You could delete just some of your recent history, or you could delete it all. Take a look in your browser’s settings to see which options you can choose from!
Passwords can be a tricky part of using electronic devices and keeping connected on the internet. Whether you like to explore different services on the internet or just visit a few websites, it can be difficult to keep track of login details. And it’s sometimes hard to remember how to create good passwords and keep them secure.
It’s extremely important to maintain good habits when it comes to passwords. If an account is compromised—if someone gains access to your email, social media, or any other service—they might be able to get a glimpse of a lot of different data.
Naturally, if someone gets into your email account or Facebook, they’ll hit the jackpot through your posts. But even smaller websites can cause trouble. Credit card info and addresses saved on various different store websites, phone numbers, work information—depending on how active you’ve been online, all kinds of different information could be spread across many different websites.
How can passwords be compromised?
Passwords can be stolen through various different means. Here are just a few ways they might be taken:
- Phishing—scammers trick people into entering their account information in a fraudulent website or through other communication
- Dictionary attacks—hackers use a program that creates possible passwords by using a dictionary and trying out common words and combinations
- Keylogging—people might place a keylogger on a device to track what is being typed
- Password sniffing—someone might use software to record sensitive data being transmitted by a device
These techniques are all good reasons to keep up to date on virus and malware protection, as well as to always be careful about which websites you visit and who you give your data to. However, these techniques are just part of the problem. Many people don’t realize that their password habits might be making it easier for people to get into their accounts.
What are some typical user errors?
Putting aside the techniques mentioned above, accounts can be breached if users don’t practice good password habits. Here are some of the bad practices that are sometimes used:
- Using the same password everywhere
- Using extremely basic passwords (including the popular “123456”)
- Freely offering their passwords to people they know
- Using easily obtained information in passwords (like a child’s name or a birthdate)
- Using the same password for years
- Emailing a password or storing passwords in a document
All of these practices make it easier for a password to be guessed or stolen.
How to create and use passwords safely
There are some ways to make passwords stronger. Ultimately, the hacker or scammer is at fault for whatever harm they cause, but using strong passwords can prevent a lot of hassle and damage. Here are just some ways you can start creating stronger passwords and building good habits:
- Use a mix of upper- and lower-case letters
- Include numbers (but not easily guessed numbers, like a birth year)
- Include special characters if possible (exclamation points, question marks, and underscores are often allowed)
- Use difficult-to-guess phrases
- Replace some letters with numbers (like 0 instead of o, 1 instead of i, 4 instead of a, et cetera)
- Create a long password (around 11 or 12 characters)
- Change your password regularly (at least once a year)
- Use a different password in every account (seriously!)
- Avoid storing passwords in files saved to your device or in emails
How to remember passwords
Depending on how many devices and online accounts you have, you might need quite a few different passwords. And since you really should come up with a different password for each account and then change those passwords regularly, you might be thinking about how hard it will be to remember all of them.
Unfortunately, this can be a real problem, but there are some ways to make things easier. These are some ways you can remember your passwords:
Think of something personal
Try making your password relate to something personal and private. It could be a favorite menu item at a local restaurant or a saying you like. Just make sure it doesn’t only use “dictionary words” and that it follows the guidelines above. This is especially effective if you choose something that others don’t generally know about or relate to you.
Think of a theme
It might be easier to remember your passwords if you come up with a theme. You should still follow the guidelines above, though, and make sure you don’t use an obvious theme, like “the names of my family members.” For instance, if you have a favorite book or show, try making your passwords include a fictional location, important page number, or words from a fictional language. This way you can use best practices but still be able to jog your memory by thinking about the theme you chose.
Leave clues for yourself
You should avoid writing your passwords out on paper or typing them up into a Word document if you can, but you could write down some clues that can help you remember the password. If you’ve got a decent memory, it might be enough to just write down what the account is and the first letter of the password. If that’s not quite enough, you can leave yourself a private, secretive reminder.
For instance, if your password includes a fictional land from a favorite book, you could write down a few words about what the land looks like. If your password has a phrase your friend says all the time, you could write down your friend’s name. Little clues like this would likely be difficult for a random person to decipher but be enough to help you remember what password you chose.
Consider a password manager
A password manager is a tool that lets users store all of their passwords in an encrypted and highly secure account. Users can then enter just one password to gain access to their numerous other passwords. These password managers have a lot of security measures in place to try to keep passwords from being stolen.
Of course, some people might be wary of using a password manager. It feels wrong somehow to store every password in one place. If you are worried about it, that’s a good sign that you’re careful about your information. And you should certainly never trust a password manager without doing careful research on it.
However, there are some password managers that are highly regarded and well trusted. If it has good reviews and credible, trustworthy sites recommend it, you should think about saving yourself some serious trouble and getting a password manager.
There are a few password managers that are typically considered the safest, most well-established options. Here are just some of them:
Dashlane received an “outstanding” score (5 out of 5) earlier this month on PCMAG’s website. Dashlane is a password manager that has a limited free version (you can only use it on one device and have fewer special features). It also has paid levels—Premium for $39.99 a year or Business for $48 a year per user. Depending on which account you get, you can store unlimited passwords, generate passwords, and back up your account so nothing gets lost.
LastPass 4.0’s Premium offering also has an “outstanding” (5 out of 5) score on PCMAG’s website. LastPass is a well-known password manager that many users choose. It has been in the news for some security issues in the past, but it seems as though these issues have been addressed. LastPass, like Dashlane, has multiple plans. LastPass has a free option that allows one user to have access. No matter which plan you use, you get access to your account across devices. It also can generate passwords. There are Premium and Family plans, and there are two options for Business plans.
LogMeOnce is another well-known password manager. The LogMeOnce Password Management Suite Ultimate 5.2 (a paid version of the service) has an “excellent” rating on PCMAG (4.5 out of 5). It has a free version (called Premium) that lets you sync your information across devices and generate passwords. Paid versions include account backup and extra support. There are also business plans available.
Sticky Password is a password manager that, like the other managers, has paid and free levels. The paid version, Sticky Password Premium, has an “excellent” rating (4.5 out of 5) on PCMAG’s website. The free version lets users log in with a fingerprint, and it also works on “all major platforms.” The paid version also lets you sync across devices and back up your information. It appears to have fewer features than some other password managers, but it offers what is likely most important, and the Premium account is only $29.99 a year.
Recently, Wombat Security Technologies surveyed 2,000 adults in the U.S. and U.K. to see how secure their online habits were, and measure the average level of knowledge about online risks. The results were disappointing (though perhaps not to companies who specialize in online security training, like Wombat Security). Wombat vice president of marketing Amy Baker states, “We often find that those of us who work in cyber security overestimate the knowledge the general public has on cyber security risks and basic secure behaviors.”
Two-thirds of those surveyed didn’t know what ransomware is, and nearly one-third didn’t know what phishing is. Half of the U.S. group had been victims of identity theft. Considering the abundance of online threats that have sprung up seemingly overnight, including the unprecedented WannaCry attacks and the Petya virus in May, maybe a refresher of online security terms and best practices is in order.
First things first. There is no need to panic. Most of the attacks are targeted at large corporations. Most, but not all. There are still plenty of scams and threats for those who are vulnerable. Online criminals are just like real-world criminals: opportunists. If you leave your valuables in plain sight in an unlocked car, they probably won’t be there when you come back. If you hide them and lock the doors, chances are good that thieves won’t bother you.
Keeping your online accounts and files secure is never a sure thing, but there is plenty you can do to lower your risks. If you at least make yourself a difficult target, thieves will most likely move on to easier pickings.
Basic security terms
Malware is an umbrella term to describe any software or program designed to damage computers or files. Viruses, trojans, spyware, and ransomware are all malware.
Ransomware refers to software attacks that hold your files for ransom: your files are encrypted, and you get a message with instructions to send payment to an untraceable account to regain access. Most attacks have been on companies and government servers, and individuals are at a low risk of attack. Decrypting the files rather than paying the ransom hasn’t been successful, and even paying does not guarantee you will get access to your files back. The best protection is prevention. Backing up your important files in a separate location (an external hard drive or a password-protected cloud account) is something everyone should already be doing, but many do not. Windows has issued a patch to secure the breach that was being exploited, so if you have a computer running Windows and have installed all available updates, you are not vulnerable to WannaCry.
Viruses are malware that spread rapidly by attaching themselves to other files.
Trojans are malware that looks like normal software. A Trojan lets other malware in.
Spyware doesn’t interfere—it records what you do, including passwords, account numbers, and other sensitive information.
Adware isn’t inherently malicious, though targeted ads, spam, and popups can make you feel attacked. And adware has to get through your security, leaving holes for other malware.
Phishing refers to any scam where the scammer contacts you to try to get information or money. It could be on the phone, through email, through social media, or a website. It may be obvious (asking for information or to wire transfer money), or more subtle (clicking a link or installing/downloading a file, which then collects the information or transfers the funds).
To see examples of phishing, visit Microsoft support.
Sometimes your friends are not your friends: Facebook accounts regularly get hacked, and then the hacker can trade on the trust between friends to spread scams. Often the owner of the compromised account doesn’t even know what is happening. If a friend is posting links that seem out of the ordinary or making offers that promise free money or goods, it may be worthwhile to contact your friend offline to see if they are really behind the posts.
The term “mobile device” doesn’t just refer to your smartphone. The growing “Internet of Things” includes smart watches and Fitbits, tablets, home networks and security, smart TVs, cameras—even refrigerators; anything that is connected to the internet or a network and isn’t an actual laptop or desktop computer is a mobile device. The problem with mobile devices (especially older ones) is that security updates are often neglected, or non-existent. Software companies are stepping up their security game with these smaller devices as attacks increase, but as with any new technology, it takes time to work out the kinks. Meanwhile, it is better to save your information-sensitive transactions for your more secure devices.
According to Microsoft, “a firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.”
What can you do?
Use passwords. This should go without saying, but I’m going to say it: use passwords.
Choose a secure password—use numbers, symbols, and capital letters, and for the love of Pete, don’t use your name, birthday, or “password.”
Use different passwords—if a hacker does get into one of your accounts, that’s bad. If they have all of your accounts, that’s worse. Don’t make it easy for them.
Don’t share your password. Just because you trust someone doesn’t mean they are trustworthy. But it also doesn’t mean that they will be as careful with your accounts as you would be.
Only conduct business on secure Wi-Fi connections.
Public connections (hotels, coffee shops, airports) aren’t secure just because the business is one you trust. Places with a password that you need to get from the clerk (or that is printed on a receipt) are a little better than those with an open network (no password needed), but it’s better to wait till you are in a secure connection to send sensitive emails or do your online shopping.
Regularly update your software.
I’m as guilty as the next person of putting off that “update required” notification, but procrastination can get you in trouble: security teams who are keeping up with weaknesses in their software need you to install their patches, or you don’t benefit from their services. A weakness being exploited is usually something the software developer has developed an update to fix, meaning that those not updating regularly are at risk. The patches to stop the WannaCry attacks were available in March. “This isn’t rocket science; it’s an oil change,” comments David Venable, a former intelligence officer with the US National Security Agency.
If something seems too good to be true, be suspicious and do your homework.
Don’t call me, I’ll call you: Don’t share personal info with anyone who contacts you; tell them you will contact them with the deets. This includes spam emails: if you didn’t solicit an email, or don’t know the person who sent it, don’t open attachments. This is how many viruses spread. Even if you do know the person who sent it, exercise caution. Email accounts can get hacked.
Never, ever wire transfer money to someone you don’t know in person, and can’t talk to on the phone. The same goes for giving out your credit card number. When shopping online, companies like eBay and Amazon offer protections and refunds if your goods never show up, and PayPal does too—not to mention that the payment can be tracked if something fishy happens, and individuals don’t have access to your account information.
Only download files from trusted sites. Your anti-virus software can only do so much.
Make sure you have firewalls and antivirus software installed and updated.
AVG currently has some of the best free antivirus software. Or you can pay a little for more advanced security. You can even get security for your smartphone.
If you have a computer that runs Windows Vista or a newer OS, you have a firewall installed and running by default. For other operating systems, you should check with the provider to see if you are protected.
An external hard drive or secure, password-protected cloud storage should be a regular part of your internet security plan. If your computer files do get corrupted, either maliciously or not, having a separate copy means you won’t lose everything. But the key word is “separate”: leaving your external hard drive connected to your computer network defeats the purpose.
How secure are you?
The first Thursday in May is World Password Day, but don’t buy a cake or send cards. Computer chip maker Intel created the event as an annual reminder that, for most of us, our password habits are nothing to celebrate. Instead, they – and computer professionals like me – hope we will use this day to say our final goodbyes to “qwerty” and “123456,” which are still the most popular passwords.
The problem with short, predictable passwords
The purpose of a password is to limit access to information. Having a very common or simple one like “abcdef” or “letmein,” or even normal words like “password” or “dragon,” is barely any security at all, like closing a door but not actually locking it.
Hackers’ password cracking tools take advantage of this lack of creativity. When hackers find – or buy – stolen credentials, they will likely find that the passwords have been stored not as the text of the passwords themselves but as unique fingerprints, called “hashes,” of the actual passwords. A hash function mathematically transforms each password into an encoded, fixed-size version of itself. Hashing the same original password will give the same result every time, but it’s computationally nearly impossible to reverse the process, to derive a plaintext password from a specific hash.
Instead, the cracking software computes the hash values for large numbers of possible passwords and compares the results to the hashed passwords in the stolen file. If any match, the hacker’s in. The first place these programs start is with known hash values for popular passwords.
More savvy users who choose a less common password might still fall prey to what is called a “dictionary attack.” The cracking software tries each of the 171,000 words in the English dictionary. Then the program tries combined words (such as “qwertypassword”), doubled sequences (“qwertyqwerty”), and words followed by numbers (“qwerty123”).
Moving on to blind guessing
Only if the dictionary attack fails will the attacker reluctantly move to what is called a “brute-force attack,” guessing arbitrary sequences of numbers, letters and characters over and over until one matches.
Mathematics tells us that a longer password is less guessable than a shorter password. That’s true even if the shorter password is made from a larger set of possible characters.
For example, a six-character password made up of the 95 different symbols on a standard American keyboard yields 95^6, or 735 billion, possible combinations. That sounds like a lot, but a 10-character password made from only lowercase English characters yields 26^10, or 141 trillion, options. Of course, a 10-character password from the 95 symbols gives 95^10, or 59 quintillion, possibilities.
That’s why some websites require passwords of certain lengths and with certain numbers of digits and special characters – they’re designed to thwart the most common dictionary and brute-force attacks. Given enough time and computing power, though, any password is crackable.
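A password check written from the defender's side can mirror the order described above: popular passwords first, then dictionary words and their simple variations, and only then the size of the brute-force search space. This is an added example, not part of the original article; the two word lists are small constructed stand-ins, and folding case before the lookups is an assumption of this sketch.

```python
import re
import string

# Constructed stand-ins. A real check would load a breached-password list
# and a full dictionary instead of these few entries.
POPULAR = {"123456", "qwerty", "abcdef", "letmein", "password"}
WORDS = {"qwerty", "password", "dragon", "monkey", "sunshine"}

# 32 punctuation marks plus the space: 26 + 26 + 10 + 33 = 95 symbols.
SYMBOLS = string.punctuation + " "


def dictionary_stage(password, popular=POPULAR, words=WORDS):
    """Name the dictionary-style guess that would hit this password, if any."""
    p = password.lower()  # assumption: case variants are guessed as well
    if p in popular:
        return "popular password"
    if p in words:
        return "dictionary word"
    half, odd = divmod(len(p), 2)
    if half and not odd and p[:half] == p[half:]:
        return "doubled sequence"
    # Any split point where both halves are known words.
    if any(p[:i] in words and p[i:] in words for i in range(1, len(p))):
        return "combined words"
    match = re.fullmatch(r"(\D+)(\d+)", p)
    if match and match.group(1) in words | popular:
        return "word followed by numbers"
    return None


def alphabet_size(password):
    """Count the symbols in every character class the password draws on."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SYMBOLS)
    # Characters outside these four classes are not counted in this sketch.
    return sum(len(c) for c in classes if any(ch in c for ch in password))


def search_space(length, alphabet):
    """Number of candidates a brute-force search has to cover."""
    return alphabet ** length


def audit(password):
    """Return (weakest matching stage, brute-force search space or None)."""
    stage = dictionary_stage(password)
    if stage:
        return stage, None  # found long before brute force is needed
    return "brute force", search_space(len(password), alphabet_size(password))


if __name__ == "__main__":
    for candidate in ("qwerty", "dragon", "qwertypassword", "qwertyqwerty",
                      "qwerty123", "freQ!9tY!juNC"):
        stage, space = audit(candidate)
        detail = f"{space:.2e} candidates" if space else "dictionary hit"
        print(f"{candidate:16} {stage:26} {detail}")
```
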
And in any case, humans are terrible at memorizing long, unpredictable sequences. We sometimes use mnemonics to help, like the way “Every Good Boy Does Fine” reminds us of the notes indicated by the lines on sheet music. They can also help us remember a password like “freQ!9tY!juNC,” which at first appears very mixed up.
Splitting the password into three chunks, “freQ!,” “9tY!” and “juNC,” reveals what might be remembered as three short, pronounceable words: “freak,” “ninety” and “junk.” People are better at memorizing passwords that can be chunked, either because they find meaning in the chunks or because they can more easily add their own meaning through mnemonics.
Don’t reuse passwords
Suppose we take all this advice to heart and resolve to make all our passwords at least 15 characters long and full of random numbers and letters. We invent clever mnemonic devices, commit a few of our favorites to memory, and start using those same passwords over and over on every website and application.
At first, this might seem harmless enough. But password-thieving hackers are everywhere. Recently, big companies including Yahoo, Adobe and LinkedIn have all been breached. Each of these breaches revealed the usernames and passwords for hundreds of millions of accounts. Hackers know that people commonly reuse passwords, so a cracked password on one site could make the same person vulnerable on a different site.
Beyond the password
Not only do we need long, unpredictable passwords, but we need different passwords for every site and program we use. The average internet user has 19 different passwords. It’s easy to see why people write them down on sticky notes or just click the “I forgot my password” link.
Software can help! The job of password management software is to take care of generating and remembering unique, hard-to-crack passwords for each website and application.
Sometimes these programs themselves have vulnerabilities that can be exploited by attackers. And some websites block password managers from functioning. And of course, an attacker could peek at the keyboard as we type in our passwords.
Multi-factor authentication was invented to solve these problems. This involves a code sent to a mobile phone, a fingerprint scan or a special USB hardware token. However, even though users know the multi-factor authentication is probably safer, they worry it might be more inconvenient or difficult. To make it easier, sites like Authy.com provide straightforward guides for enabling multi-factor authentication on popular websites.
So no more excuses. Let’s put on our party hats and start changing those passwords. World Password Day would be a great time to ditch “qwerty” for good, try out a password manager and turn on multi-factor authentication. Once you’re done, go ahead and have that cake, because you’ll deserve it.