6 Tips for using online remote login services SAFELY

This week I am out at a Peak Potentials boot camp called Guerilla Business School. It has been absolutely fantastic and I would highly recommend it to anyone!

This is a PUBLIC SERVICE ANNOUNCEMENT for those who are in the seminar and attended Alex Mandossian’s excellent session on web-based marketing.

Today when we were talking about free online sites, a service called LogMeIn.com came up. LogMeIn is a site that facilitates logging into your PC from anywhere in the world.

These types of services can be extremely convenient, but there are some very important security precautions that must be taken. Failure to take them opens you up to ATTACK by professional criminals from ANYWHERE in the world.

I poked around the site, and it seems to offer decent security options, but unfortunately MOST people opt for the LEAST security possible for CONVENIENCE purposes, and the WEAKEST LINK in every security system is often YOU.

Let’s be clear. This site allows you FULL ACCESS to your computer from ANYWHERE in the world.

Here are some tips to use this type of site safely. These are the same tips I teach to my corporate customers:

1) This is an OPEN door into YOUR computer! Only use a service like this if you have a compelling reason. Any open door is a potential security hole for hackers. If the door is not open, the hacker cannot get in.

2) Use ALL the security features they offer! For example, this service has a feature that allows you to check the logs to see who is logging in – USE IT! Also, look into features such as one-time passwords and RSA SecurID tokens. These are significant security improvements.

3) HOW you log into your computer MATTERS. In order to use the service, you must log into the site as well as your computer. Most people log into their computer as an ADMINISTRATOR. AVOID doing this at all costs. Ideally, create a special guest account with low privileges, and use THAT account for this service. This ONE THING will make a HUGE difference. In fact, the less often you log into your computer as an administrator, the better.

4) Strong passwords are CRITICAL. Unfortunately, most people get this completely WRONG!

A few words on passwords. Remember, you are allowing people to log in to your computer from ANYWHERE in the world! You MUST use STRONG authentication. Passwords MUST be L-O-N-G and complex.

Passwords should be at least 8 characters (more is even better), and a combination of letters, numbers, and special characters.

Just for the record, if I were to allow a service to log me in from anywhere in the world, I would choose AT LEAST a 14 character password.

An easy way to remember a long password is to choose a quote from a movie, book, or song that you like. For example, a favorite movie of mine is The Princess Bride.

A popular quote from the movie is:
“Hello, my name is Inigo Montoya. You killed my father, prepare to Die!”

To choose a password using this quote, use the first letter of each word and keep the punctuation marks as the special characters. In this case, it becomes:
H,mniIM.Ykmf,ptD!

Believe it or not, this is a 17 character password that you will NEVER forget!

Also, passwords should NEVER look anything like words, even if you use the popular technique of substituting symbols for letters or numbers. For example, @ for A, 5 for S, etc.

Using this method, Password might become P@5sw0rd

Just to be clear, this is NOT a secure method of choosing a password! All good hackers know this trick, and the book/movie/song quote method I discussed above is MUCH better.

5) WHERE you store your passwords matters! Do NOT store your password on your computer, phone or PDA unless it is encrypted! If you do not know how to do this, you are probably better off writing it down somewhere safe at home, or memorizing it.

Remember: if you store it digitally, it can be STOLEN!

6) Don’t make all your passwords the same! A common method of IDENTITY THEFT is to break into one account, and then quickly log into all your other accounts that use the same password. Use DIFFERENT passwords for EVERY site! This goes double for online remote login services!
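The two password techniques from tip 4, as an added example that is not part of the original post: it derives the password from the quote using the first-letter-plus-punctuation rule, and shows why a symbol-substituted word still fails a basic password review. The word list, substitution table and function names are constructed for illustration; the 14-character minimum is the figure given in tip 4.

```python
import string

# Constructed sample list; a real review would load a large dictionary
# or breached-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "monkey"}

# Well-known symbol-for-letter swaps, mapped back to the letter (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "5": "s", "$": "s", "0": "o",
                      "3": "e", "1": "l", "!": "i", "7": "t"})

QUOTE = "Hello, my name is Inigo Montoya. You killed my father, prepare to Die!"

def quote_to_password(quote):
    """First letter of each word, plus any punctuation that ends the word."""
    out = []
    for word in quote.split():
        stripped = word.rstrip(string.punctuation)
        head = stripped.lstrip(string.punctuation)
        if head:
            out.append(head[0])
        out.append(word[len(stripped):])  # trailing punctuation, if any
    return "".join(out)

def looks_like_word(password):
    """True if undoing common substitutions yields a dictionary word."""
    lowered = password.lower()
    # Also try with a trailing run of digits/symbols removed ("Password1!").
    trimmed = lowered.rstrip(string.digits + string.punctuation)
    candidates = {lowered.translate(LEET), trimmed.translate(LEET)}
    return any(c in COMMON_WORDS for c in candidates)

def review(password, min_length=14):
    """Return a list of problems; empty means it passes these two checks."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if looks_like_word(password):
        problems.append("dictionary word after undoing substitutions")
    return problems

if __name__ == "__main__":
    for candidate in ("P@5sw0rd", quote_to_password(QUOTE)):
        print(candidate, len(candidate), review(candidate) or "passes")
```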

Think secure and be secure!
–rob
