In most cases, the only thing that protects your money, your reputation, and your livelihood are the passwords you use to protect them. Computer security, online accounts, and everything else all pretty much rests on your ability to make and keep good passwords. So why is it that the average person spends so little time and effort doing it right?

Chances are it's because they were never taught how or why they needed to do so. Well, let's change that!

What It Is

Because businesses online quickly figured out that sending names, passwords, credit card details, and other sensitive information out unprotected over the Internet was a bad idea, SSL was implemented.

SSL, or Secure Sockets Layer, is an encryption technique that's already built into your browser. You can see in the screenshots for Firefox and Internet Explorer here where 1) the HTTP in the address bar is listed as HTTPS (where the S stands for "secure") and 2) there is a lock icon (at the bottom right of the window for Firefox and just to the right of the address bar for IE).

https in Firefox

https in IE

Why to Use It

Nothing on the Internet was designed with security in mind, all of it was added as an afterthought. So think about this: when you hit the "Submit" button on any webpage, you're sending data from your computer to theirs, but the Internet is a vast inter-connected web of computer systems that spans the entire globe. Somewhere between you and them could be someone monitoring the traffic.

If someone's listening in, they can look right at your data and take your name and password or any other sensitive data you sent. What happens if someone took your name and password and logged into your mail, your bank, or any other service? They could embarass you, spam people from your account, take your money, etc.

Any time you're about to log in or send form data for an account or online order, make SURE that the HTTPS is active. In some cases, you might have to use a trick or too to turn it on. As in these cases:

Case 1: Finding the option for enhanced security and clicking it.

Case 2: Using my login trick to activate security.

When to Use It

You are most at risk when using hotspots at hotels, airports, and cafe's. Consider that the hotel itself or at least all the people there have access to the wireless networking equipment you connect to. Since you are going through them for Internet, they can easily see anything and everything you send. The same goes for your Internet service provider and many of the people who work for them (though you might assume, right or wrong, that the ISP has better physical protections and auditing to prevent their employees from doing it).

Take blind faith out of the equation and make sure HTTPS is active instead!

Limitations

When you see HTTPS, it means you have a mostly secure end-to-end connection, but the first problem is that SSL isn't absolute security. It's way better than nothing, but if something you're sending is absolutely critical to you, maybe you should call it in instead.

Second, bad guys with fake websites can get SSL security too. All that happens then is you have a very secure connection between you and the guy that's going to rip you off. The first defense against this is to use my trick to avoid bogus websites in the first place.

The second tip is to just click the certificate itself to learn more about where you are. Click the colored area to the left of the address (for Firefox) or to the right of the address where the lock Icon is (for IE).

Checking to see if you have a valid secure connection in Firefox

Checking the SSL certificate in IE

This popup window shows you who the secure connection belongs to and who is validating that fact. In one, Equifax is verifying that the page you're on is Facebook.com while VeriSign is validating that you're on eBay.

Always remember to look for HTTPS whenever logging in or entering other important data online. If it's not there, maybe you should think twice about clicking SUBMIT.

(Image is used under the Pixabay license)

I have a bit of a love/hate relationship with Amazon.com, but this season, it's more hate. I found the gift I'd been looking for on Amazon for about $10 cheaper than my normal favorite, Newegg.com.

However, I suppose nothing cheap comes without strings attached, not at Amazon anyway. Check out this BS:

Are you kidding me? (click for the full picture)

So not only are they saying that with more than 20 days lead time, they can't get me this item by Christmas and it's not free shipping as was promised, but there's hope! If I sign up for "AMAZON PRIME" I get not only free shipping, but it comes on time. It's only 80 FREAKING DOLLARS should I somehow forget to cancel.

Ok, so I could just sign up and cancel right away, but I shouldn't have to jump through goofy hoops just to buy something and this smacks entirely of deliberate obstacles for the sake of pushing me into their "premium service". I don't do deceptive.

For $10 more, I just kept my business at Newegg.com which has been the most consistently excellent source of electronics research and prices all while maintaining excellent customer service. Be sure to take your business there too.

Update: It's the 11th and my gift already arrived. I wonder why Newegg's free standard ground shipping managed to get me my item in less than 5 days, but somehow Amazon just couldn't do it in less than 20 unless I signed up for Amazon Prime… Hmmm…. It's a mystery.

Bad Sears, BAD!

The sick thing about this story is that the spyware wasn't a hack against these companies, but was planned and sanctioned by the companies.

Between April 2007 and January 2008, visitors to the Kmart and Sears web sites were invited to join an "online community" for which they would be paid $10 with the idea they would be helping the company learn more about their customers. It turned out they learned a lot more than participants realized or that the feds thought was reasonable. To join the "My SHC Community," users downloaded software that ended up grabbing some members' prescription information, emails, bank account data and purchases on other sites. Sears called the group that participated "small" and said the data captured by the program was at all times secure and was then destroyed.

Remember that there are no laws currently to protect against the abusive data collection and sharing practices that many companies employ. Be careful with your data and don't trust even the most reputable-seeming companies to choose your privacy over the almighty dollar.