Cyber Security for Second Life

Here are some guidelines and recommendations to help keep your computer and your information safe.

General

• Ensure all of your programs and your operating system are up to date with the latest patches

• Ensure that your anti-virus and anti-spyware programs are up to date with the latest signature file

• If you are not behind a corporate firewall, ensure that you have a software based firewall on your desktop/laptop

• Do not click on any links or open any attachments that you receive in emails that you are not expecting

• If you click on a link from a trusted friend, make sure it goes to the website address that you are expecting

• If you use Firefox as a Browser, consider installing the "No Script" plugin

Passwords

• Make passwords different on each account that you have

• Make passwords as long as you can - Second Life allows up to 16-character passwords (without spaces), so your password should be 16 characters

• Make your password random, using a mix of letters, numbers, and symbols, without using any real words or a sequence of numbers

• Consider using a password manager system like KeePass or LastPass to create and store random passwords for you

• Don't use the same password on different websites

• Don't change your password unless you suspect it is compromised or you discover that it is weak ("do it right, do it once")

• Don't enter your username and password into websites that you reached by clicking a link in an email or a Second Life IM

• Don't download software from website links given to you by random strangers

• Don't EVER share your password with anyone!

Articles about passwords

• 2011 cartoon about password strength (from xkcd)

• Linden Lab Official: Password Protection

• Password strength article (Wikipedia)

• Password strength and security article (Second Life forum)

• The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time (Gizmodo)

Password strength tests

• How secure is my password? (educational website sponsored by a password manager program)

• Password strength calculator (sponsored by another password manager program)

• Password strength checker (Microsoft)

• Password strength meter (sponsored by a password management service)

• Password strength test (includes random password generators)

• The Password Meter (password strength checker)

Discussion

As the xkcd cartoon says, "Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess." The old-time picture of a computer hacker was someone who knew you and kept trying passwords that were related to you - your birthday, your pet's name, your home town. The modern hacker uses a computer program that guesses 1000 passwords per second, first using words from the dictionary. So modern passwords need to be long and random, using upper and lowercase letters along with numbers and symbols, without using recognizable words or number sequences.

Here's what happens if your password is too easy.