04 Sep 2007 Microstock Password Security
Over at the Microstock Group forums there have been reports of suspicious activity on microstock agency accounts. My background is IT administration, so I’ve been force-fed security best-practice for years. For those microstock contributors with different backgrounds, here’s some information and tips to help keep your microstock earnings in your own hands.
What Can Happen?
First, let’s take a look at some of the possible negative impacts if your microstock accounts, PayPal or Moneybookers account, or email address are compromised.
- Your earnings can be paid-out into a PayPal / Moneybookers account that’s not yours
- Your earnings can be used to download photos
- Your photos can be deleted
- Your PayPal / Moneybookers account can be emptied into another account or used to make purchases
- Your account password can be changed so you lose access to your account
Password Best Practice
Here some tips to minimize your risks:
- Use different passwords for each account
- Use complex passwords consisting of letters, numbers, different cases and symbols
- Do not list your passwords on your computer unless in a secure password database
- Avoid using your passwords on computers you don’t know
- Use different email addresses for each account, especially for PayPal or Moneybookers
- Keep your anti-spyware software updated and investigate anything suspicious
- Avoid using Internet Explorer which has the most security vulnerabilities
There are never any guarantees, but following these tips will significantly reduce the chances of your accounts being compromised, and minimize the negative impacts if it does occur.
Login Password Encryption
All the microstock agencies reviewed on this blog use industry standard password encryption, a technology known as Secure Sockets Layer (SSL). This technology encrypts your password on your computer before sending it to the website you’re browsing. Only the website who own the security certificate can decrypt the data to read the password.
Use of SSL is indicated by the familiar padlock icon you see in your browser’s status bar, and many browsers also change the color of the address bar as an additional indication. Ultimately, you need to check the address starts with ‘https’ not just ‘http’. However, these indicators aren’t always activated. Some microstock agencies encrypt the password transmissioin without encrypting the entire page. This reduces the amount of traffic using encryption, making the website perform faster. In this case, the padlock icon won’t appear even though your password has been encrypted.
Security on Your Computer
Malicious programs can infect your computer and ‘watch’ what you’re doing, reporting the results to the program’s author. These programs, generally known as Spyware, can see what you type, gaining access to all your passwords. Be sure to keep an up-to-date anti-spyware application installed on your computer.
Security Emails and Phishing
A common technique to gain access to your passwords, known as phishing, involves sending you an email posing as someone official, such as your bank or PayPal / Moneybookers. These messages usually ask you to follow a link in the message disguised as the link of the institution, but is actually an address of a look-alike server which will steal any information you enter.
Always be suspicious of email messages asking for details, and never click the links. Instead, open your browser and type in the address manually.
Be Safe Out There
Your best defense against password security is knowledge. Take the time to understand the issues and you’ll continue to enjoy microstock and the convenience of electronic finances.