Google placed a banner above my Gmail account warning that Google may be subject to attack from Chinese hackers. Whether you as a Google user are actually under attack or Google is taking a shot at China’s censorship policies, the staff at Google offer some sound advice:
- When it comes to PDF and RAR files, “We strongly recommend that you avoid clicking links or attachments in suspicious messages.”
- “Be careful about where you sign in to Google.” Look for “https://accounts.google.com” at the start of the web address, and use strong passwords.
- When it comes to passwords, come up with a core password that you can re-use for different sites. For example, if you hate broccoli, try “I hate broccoli” as “1h8Br0ccol1”. Prefix that core password with a year and month, e.g. 1201 for January 2012, and then change that part of the password every month. This way, on the 1st of each month, you can change your password just by changing one or two characters, e.g. 12011h8Br0ccol1 in January, 12021h8Br0ccol1 in February.
- Part two of this is to not use the same password on every site, so I suffix my passwords with something to tie them to the site, e.g. 12011h8Br0ccol1GM for Gmail and 12011h8Br0ccol1FB for Facebook.
- As long as you consistently change that password on the 1st of each month, you only need to memorize the core password and the “code” for making a unique password each month.
- “Always use up-to-date software.” I know it is annoying, but keep your computer updated as much as possible. The risk of an exploit against your computer is probably greater than the risk of a feature not working due to an update.
- If you are uber-paranoid, “Enable 2-step verification in Gmail.” I tried this once, and it is a slightly inconvenient security measure if you log into Google products from various locations: home computer, phone, work computer, hotel computer, etc. If you only log in from one or two locations regularly, then consider the 2-factor verification.
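
The sign-in advice above, as an added example that is not part of the original post: matching “https://accounts.google.com” as a plain string prefix also accepts lookalike addresses, so this JavaScript parses the address and compares the whole origin instead. The function names and the example.test sample addresses are constructed for illustration.

```javascript
// Added example: is this address really on Google's sign-in origin?
const EXPECTED_ORIGIN = "https://accounts.google.com";

// Naive check: treats the address as a plain string prefix.
function naivePrefixCheck(address) {
  return address.startsWith(EXPECTED_ORIGIN);
}

// Strict check: parse the address, then compare scheme, host and port exactly.
function isGoogleSignInUrl(address) {
  let url;
  try {
    url = new URL(address);
  } catch (err) {
    return false; // not a parseable absolute URL
  }
  // Text before "@" is credentials, not the host, and can disguise the real site.
  if (url.username !== "" || url.password !== "") return false;
  return url.origin === EXPECTED_ORIGIN;
}

// Constructed sample addresses (example.test is a reserved placeholder domain).
const samples = [
  "https://accounts.google.com/ServiceLogin",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.test/ServiceLogin",
  "https://accounts.google.com@example.test/ServiceLogin",
  "https://example.test/?next=https://accounts.google.com",
];

// Run both checks over a list so the disagreements are visible side by side.
function compareChecks(list) {
  return list.map((address) => ({
    address,
    naive: naivePrefixCheck(address),
    strict: isGoogleSignInUrl(address),
  }));
}

for (const row of compareChecks(samples)) {
  const verdict = row.strict ? "OK    " : "REJECT";
  console.log(`${verdict} naive=${row.naive} ${row.address}`);
}
```

The third and fourth samples pass the prefix check but fail the origin check, which is why reading only the first characters of the address is not enough.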