Password sniffers
Friday, June 22, 2007
I've just had to spend the last hour changing all my passwords and encrypting them into my TrueCrypt vault, after multiple attempts were made by persons unknown to gain access to my email account, my bank account and my web hosting account. I've also had to stop using my public email address for all the various online services that I use, since using my public email address for signing in gives a potential hacker one foot in the door. If they know the email address then all they need is the password. But if I keep the sign-in email address secret then they have to find that out too which makes things a lot harder for them. Not impossible of course but one extra hoop for them to jump through.

I found out about the hacking attempts this evening when I logged onto my email and discovered emails from the various services saying there had been unsuccessful log-on attempts. PayPal in particular is very good about sending out these kinds of notifications. Knowing that I didn't have any password problems (plus I had been out of the house for the previous couple of hours), I knew that I had been the target of a hacker, or as I call them, "password sniffers". I also have other names for them but I'm trying to keep this blog suitable for all ages.

So the first thing I did was review my passwords and, looking at them, I realised that they weren't really that secure. OK, I'm not stupid enough to use "PASSWORD" or "MARK" but at the same time, a determined dictionary brute-force attack would have got the passwords in the end. That's when I realised that I needed to secure the various online services with long unbreakable password strings. That means:

  • Letters - both upper-case and lower-case
  • Numbers
  • Special characters such as @ ! " # + ?
  • A minimum of 20 characters, but if you must make it shorter than that, no fewer than 15 characters.
  • No connection whatsoever to any personal detail of your life - so no birthdays, pet names, street names, names of your first sweetheart, anything like that. Keep the password totally impersonal.
  • Changing the passwords every 30 days.

So a good password would be something like !$!@yStP5x@u1P!QD2!5
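The checklist above, turned into a generator and a checker. This is an added example, not code from the original post; the symbol set, the function names and the `personal_terms` parameter are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed symbol set, built from the characters the post itself shows.
SYMBOLS = '@!"#+?$'
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
RECOMMENDED_LEN, ABSOLUTE_MIN_LEN = 20, 15  # the post's two length limits

# One predicate per character class in the checklist.
CLASS_CHECKS = (
    ("lower-case letter", str.islower),
    ("upper-case letter", str.isupper),
    ("number", str.isdigit),
    ("special character", lambda c: not c.isalnum()),
)


def policy_problems(password, personal_terms=()):
    """List every way the password misses the checklist (empty list = passes)."""
    problems = []
    if len(password) < ABSOLUTE_MIN_LEN:
        problems.append("shorter than 15 characters")
    elif len(password) < RECOMMENDED_LEN:
        problems.append("shorter than the recommended 20 characters")
    for name, check in CLASS_CHECKS:
        if not any(check(c) for c in password):
            problems.append(f"no {name}")
    folded = password.casefold()
    for term in personal_terms:  # names, birthdays, pets, streets, ...
        if term and term.casefold() in folded:
            problems.append(f"contains personal detail: {term}")
    return problems


def generate_password(length=RECOMMENDED_LEN):
    """Draw from the OS CSPRNG, retrying until every class is present."""
    if length < ABSOLUTE_MIN_LEN:
        raise ValueError("length below the 15-character floor")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(check(c) for c in candidate) for _, check in CLASS_CHECKS):
            return candidate


def entropy_bits(length=RECOMMENDED_LEN):
    """Upper bound in bits for a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))
```

The `secrets` module matters here: the ordinary `random` module is predictable and should not be used for passwords.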

If you have to type the passwords in a text file or Word document then make sure you have some kind of encryption scheme in place so the password file can't be cracked. TrueCrypt is excellent but a simpler solution would be LockNote.

If anybody hacks a password like !$!@yStP5x@u1P!QD2!5 then they deserve a job at the National Security Agency.



posted by Mark @ 1:03 AM   0 comments
Essential Internet Tools - TrueCrypt
Monday, June 11, 2007
For the past few days, I have been playing around with a piece of encryption software. I have been looking for a reliable encryption tool for quite some time (as I am completely paranoid about hackers and other shady characters!) but I was always concerned that if I chose the wrong tool, then it would irretrievably ruin my hard-drive with an unbreakable, unmovable encrypted file. I mean, once you start messing around with encrypted partitions attached to one of your drives then you could be letting yourself in for a whole host of problems if you set it up the wrong way or if the software malfunctions or even something as basic as forgetting the password. Not to mention the mess of losing the files which are being held inside - some of which may be irreplaceable. So I have been procrastinating about this for a while.

The computer program I found a couple of days ago was TrueCrypt and so far, it seems to be working well. It was recommended by PC Magazine and I have always trusted their recommendations. I was particularly struck with how simple it was to set up. You get a PDF user manual in the software download and if you follow the manual's instructions to the letter then setting up your encrypted folders is mere child's play.

How it works basically boils down to this - you create a folder on your "C" drive, just a normal regular folder. You give it a name - let's just say for the purposes of this discussion that it's called FORT KNOX. This folder is where the encrypted files will be stored. You then assign a drive number to your folder and it is in this drive that the TrueCrypt software will be installed and ultimately live in your computer. You then move the FORT KNOX folder to the TrueCrypt drive, which is protected by a master password. Using the password, you can then "decrypt" your files and access them. When you don't need the files, just remove the FORT KNOX folder from TrueCrypt. The folder is then instantly encrypted again and totally unbreakable (or so the company claims). I would be interested to see how TrueCrypt's algorithms hold up against a determined brute-force attack.

But if you're just looking for basic no-frills security and a way to deter people from casually snooping on your files then TrueCrypt seems to be able to do the job properly. I can't begin to list all the possible uses for such a program. At the very least, you should have an encrypted drive on your PC for personal information such as bank statements, receipts, invoices, passwords, tax paperwork, address books, calendars... Sometimes it pays to be paranoid. Sometimes they really are out to get you.



posted by Mark @ 12:03 AM   0 comments
Camelot Online & Mark O'Neill 2006-2007