"It's been my experience that most people will connect in an insecure manner and end up exposing most of the information that is on their drive," says David Marcus, security research and communications manager at McAfee. "You don't want just anyone to connect to your documents folder if it has all your passwords on it."
If you don't turn on wireless encryption, a neighbor who's only halfway computer savvy could easily put something on your PC that would track your keystrokes, warns Mark Sunner, chief security analyst at MessageLabs. This means that even if you're logging onto a secure site, they would be able to record the keystrokes and go back and log in later.
It's very tempting to buy a wireless router, plug it in and be up and running within a matter of minutes, but realize that by default the firewall component of that router might not be on. Encryption is almost certainly not on, says Sunner.
HOW TO: The typical wireless router will have local area network, or LAN, ports in which you plug in wires connecting to your computer. That's how you can initially install your updates to the wireless software.
- Encrypt. Usually the router will come with a CD that has installation software and the installation software should have a tab on it for security and should show you how to set up encryption. You may be able to choose from various types of encryption. If so, choose WPA, or its newer variant, WPA2, as they're considered more secure than the older WEP encryption.
- Always rename your connection from the default name. Your connection is called the service set identifier, or SSID, which is the name of a local wireless area network. It's a case-sensitive string of text with up to 32 characters. You want to call it something that won't identify you, because this is what anyone in the area can see.
- Choose a strong passphrase to password-protect your router. Don't worry about having to remember this long string of characters. You'll log in from your computer with something shorter. But do keep the passphrase in a secure place that you won't forget about.
"It takes a few extra minutes to set it up upfront when you do it, but it ensures that rogues are not going to connect to your wireless network without you knowing about it," Marcus says.
6. Pump up password protocolWe're constantly called upon to create passwords. How many do we repeat or name something ridiculously easy to guess? "You'd be amazed at the number of people who actually use the word 'password' as their password," PayPal spokeswoman Sara Gorman says.
Here are some rules for creating better passwords:
Don't make it personal: Passwords shouldn't be words from the dictionary, spouses' names, birthdays, Social Security numbers, things that people think are clever because they won't have to write them down. Once a thief gets that fundamental information, it's easier to figure out personal passwords.
Don't recycle: A lot of people will end up reusing a lot of the same username and password combinations, so oftentimes a hacker will gather in that information and use it successfully on other sites.
Test your strength: Miner says that Norton 360, for example, offers a password safe -- software downloaded to your home computer -- that also checks password strength for you. If you keep passwords in an encrypted vault, you don't have to worry about making it easy to remember either. And, by encrypting the list, you solve the physical security problem of written lists.
Good passwords should be composed of a combination of letters and numbers, suggests Miner.