- KeePass - KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish). We do not store passwords in plain text, in software programs, in browsers. Nada. They are all encrypted, so if we're ever exploited, they're not "get-able", at least for now. (There is 1Password for Macs - thanks to Adam for reminding me that it's not entirely the Windows people's fault - though it mostly is. :P)
- Kaspersky - We never, ever, ever run without Kaspersky Internet Security. Ever. It's my personal favorite, and if I could get it for my house itself, I would. One of the biggest problems we see is that people have a virus and malware scanner running weekly or so, but they run rampant all over the Internet with no constant firewall protection that gets things as they come in. If you run with a scanner, and it shows a rootkit, I don't care WHAT your program says about how it quarantined this file and that file - you are very likely screwed already, to put it bluntly. If you have a rootkit, you nuke and rebuild (and overwriting and wiping the drive with DBAN for good measure is a good idea). Anything less is false security. The infection will very likely reinsert itself at the first possible chance it has. You don't have to use what we use, but you need to use something all the time, every day, whenever you are connected to the Internet. Always. Without exception. And keep it updated.
- Use Strong & Different Passwords for EVERYTHING - If I had a dime for everyone who asked me to change their password to something like pencil1 in cPanel (like their password is in billing), I could retire. My rule is if you can easily remember it, it's bad. Use a site like password meter to learn what a good password is, or to generate one - KeePass is awesome for this as well, as it generates them for you as well as remembers them in an encrypted format. But whatever you do, don't use pencil1 on everything. Oy vey. Please, don't.
- Don't store passwords unencrypted - The programs that let you save passwords are convenient, aren't they? Yep, they are - and for more than just you. If you wouldn't post it on a web site, don't store it in plain text.
- Know Your Site - Actually look at the file change dates on your site once in a while - did you last update that file in September 2008? Well, then why does it have an April 29, 2009 last updated date? Look at the code. If you find you were infected, CHANGE your passwords. Contact us and let us know that you need us to monitor your site for file changes, and we will, just to be sure.
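The "Know Your Site" check can be scripted. The following is an added example, not code from this post or from the host: it lists files whose last-modified date is later than your last known update, and it goes one step beyond the text by also comparing SHA-256 hashes against a saved baseline, since a file's timestamp can be set to any value while its content hash cannot. The function names and the cutoff date are assumptions chosen for illustration.

```python
import hashlib
import os
from datetime import datetime, timezone


def snapshot(docroot):
    """Map each file's path (relative to docroot) to (sha256 hex, mtime)."""
    result = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):  # skip broken symlinks and the like
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, docroot)
            result[rel] = (digest.hexdigest(), os.stat(full).st_mtime)
    return result


def changed_since(docroot, cutoff):
    """Files whose last-modified date is later than `cutoff` (aware datetime)."""
    limit = cutoff.timestamp()
    return sorted(p for p, (_h, m) in snapshot(docroot).items() if m > limit)


def compare(baseline, current):
    """Diff two snapshots by content hash, independent of file dates."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p][0] != current[p][0]),
    }


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    last_update = datetime(2008, 9, 30, tzinfo=timezone.utc)  # constructed cutoff
    for path in changed_since(root, last_update):
        print("modified after last known update:", path)
```

Take the baseline with `snapshot()` right after a known-good upload and keep it somewhere other than the web server, so it cannot be altered along with the site.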