So you have found a really interesting website and you need to sign up to get more information, perhaps to post items to sell or buy, or to participate in an online community.
At some point you will be asked to sign up with a form that asks for a range of information – this can be divided into two levels.
The information will at the very least include a user name, email address and password.
Beyond that, the form could ask for a range of things including telephone number, date of birth, address etc.
User name and email address
Websites usually like these to be unique as this will also help them to keep track of registrations, although sites as large as Facebook will inevitably have duplications, which is why increasingly websites use the email address as the ‘unique’ user name. In order for the sign-up process to be reasonably secure, the website will usually protect itself by asking you to authorize the sign-up: it emails you a link, and following that link proves your email address is genuine. This stops ‘Bots’ from doing multiple registrations and then causing havoc on the website.
(1) Try to use a different user name and email address for each website if you can.
This is hard but worth the effort: if hackers get your password/user name combination from one site, they will look for you on other websites and try it there too. Consider using a free email account or disposable email address (see Why you shouldn’t rely on one email address).
Known only to you. Most good websites now do not store your password in plain text to improve security – if the passwords are stolen in hash form they cannot be identified so easily. The password is ‘hashed’ with a one-way algorithm and stored that way – when you log in this is compared with a new hash of what you type in.
(2) Make sure you use a strong password for all websites – check it is not on a hacker dictionary list (use Technic-al Password Assessor) and ideally 8 characters minimum.
Short, commonly used passwords are very easy to crack and put the account at risk.
(3) Never use the same password for multiple websites.
Do you really want your password from an insecure forum website used to hack into your eBay account?
(4) Be more organized with passwords – it is easy to sign up quickly with your common password and then forget the website. Security risks have increased almost exponentially with computing power, and if that website is hacked a year later you could be vulnerable. Consider Password Padding to increase the length of passwords but keep them memorable.
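What the website's side of this looks like, as an added example that is not from the original article: a sign-up check for tip (2), then the one-way hashed storage and login comparison described above. The per-user salt, PBKDF2 with this iteration count, the tiny common-password list and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample of a "hacker dictionary"; a real check uses a much larger list.
COMMON_PASSWORDS = {"password", "12345678", "qwertyuiop", "letmein123", "iloveyou"}
MIN_LENGTH = 8          # the minimum the article suggests
ITERATIONS = 600_000    # PBKDF2 work factor (assumption; tune to your hardware)


def check_policy(password):
    """Return a reason the password is rejected, or None if acceptable."""
    if len(password) < MIN_LENGTH:
        return "too short"
    if password.lower() in COMMON_PASSWORDS:
        return "on common-password list"
    return None


def hash_password(password, salt=None):
    """Derive a one-way hash; a fresh random salt makes equal passwords store differently."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(db, email, password):
    """Store only salt and hash, never the password itself."""
    reason = check_policy(password)
    if reason:
        raise ValueError(reason)
    db[email] = hash_password(password)


def login(db, email, attempt):
    """Re-hash what was typed with the stored salt and compare in constant time."""
    if email not in db:
        return False
    salt, stored = db[email]
    _, candidate = hash_password(attempt, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    users = {}
    register(users, "alice@example.com", "correct horse battery")
    print(login(users, "alice@example.com", "correct horse battery"))  # True
    print(login(users, "alice@example.com", "wrong guess"))  # False
```

Because each account gets its own salt, two people who choose the same password end up with different stored hashes, which is part of why stolen hashes "cannot be identified so easily".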
This will go beyond what is needed to sign up to a website.
(5) Think very carefully about what information you want to give out – a birth date can be used for other security features like banking.
Is a virtual Happy Birthday greeting from an anonymous forum server worth the risk of your bank account?
(6) If they insist and you don’t think it is vital – make it up.
Keep a note just in case – but if you get that Happy Birthday greeting a month early from the forum server does it matter?