
A Security Wakeup Call

Everyone talks about security and making sure your passwords are safe and sound at a time when we’re creating new usernames and passwords all the time to access online services.

But until a security breach slams right into you, you really – and I mean, really – don’t pay that much attention. After all, it’s someone else who’s getting hacked, right? That may be true but over the past month or so, I’ve been given a huge security wake-up call.

It started when my GMail account suddenly stopped working. It took some maneuvering and a huge favor from a Canadian working within the Googleplex – but I regained access to all my Google services (Reader, Docs, GMail, etc.) only to discover someone had changed my GTalk greeting. Clearly, someone had been in my account.

Next up was eBay where someone changed all my security settings. Fortunately, there wasn’t any buying or selling activity but it was pretty troubling that my account had been breached. When I notified eBay, their response verged on nonchalance – like it happens all the time so what can you do.

Last but not least, Rogers wouldn’t let me send e-mails yesterday. A call to a helpful Rogers customer service rep (Yup, they do exist!) determined that my Web-based account had been frozen for some reason. Strange.

All of these developments have been like getting splashed with ice-cold water first thing in the morning. As someone who does an awful lot online without thinking much about the security ramifications, it has really made me think twice about who’s got my information and how I need to be really diligent in changing passwords on a regular basis.

  • George

    Using a password manager such as Roboform or the one built into Firefox can be useful to keep track of all of your passwords.

    Human nature tends to mean that people will choose the same (or similar) passwords for all the sites that they visit. Problem is, a security breach at one site means big trouble.

    The best option is to use secure passwords that are different for each and every site you visit, and to use a disposable e-mail address (i.e. from SpamGourmet) as your login. That way, each site has entirely independent information, and a breach of security anywhere doesn’t have ramifications for you at other sites.

  • http://alwaysnewmistakes.com Alex Barrera

    Hi Mark,
    I’m sorry to hear that. I have a very strong background in security and I’ve seen what you describe many times. As George pointed out, using the same password for different accounts is a NO NO. Navigators are currently the main entry point for malware and other naughty crocks. So check out your navigator version and get the latest. I always recommend Firefox because they tend to fix security bugs very quickly. You should also check any plugins you might use when navigating. Especially the Adobe/PDF one. There is a very important security bug affecting the latest versions of the Adobe Acrobat (Reader included) (< 8.1.2) that is running wild and infecting many hosts.

    Let me know if you need help to check out how it happened :)

  • http://www.markevanstech.com Mark Evans

    George, Alex:

    Thanks for the advice. Although I’ve already made some changes, there’s a lot more that I need to do to upgrade my personal security.

    Mark

  • cdr

    A password manager doesn’t always work, even if you carry it around with you on a flash drive. I ideally want to be able to access my accounts from anywhere.

    What I’ve been doing for the past half year or so is: take a key of a few characters (always the same), append the first few characters of the URL, and then apply a simple transform that I can remember.

    The resulting passwords look random, but can be regenerated from memory in a few seconds. I think I got the idea from a reddit comment.

    Of course, it’s probably more secure if you don’t go around telling people what you’re doing.

    I do still let Firefox remember my passwords at home.
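
The scheme described in the last comment (fixed key, first few characters of the URL, simple transform), as an added example that is not part of the original post or its comments. The shift-by-one transform, the key, the passphrase and the site names are constructed assumptions, since the comment does not specify them; `derived_password` is an alternative added here for comparison, showing per-site passwords that share no visible structure.

```python
import base64
import hashlib
import os.path


def shift_transform(text: str) -> str:
    """Assumed stand-in for the unspecified 'simple transform': shift ASCII letters and digits by one."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - 97 + 1) % 26 + 97))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - 65 + 1) % 26 + 65))
        elif "0" <= ch <= "9":
            out.append(str((int(ch) + 1) % 10))
        else:
            out.append(ch)
    return "".join(out)


def mnemonic_password(key: str, site: str, n: int = 4) -> str:
    """The comment's scheme: fixed key + first n characters of the site, then the transform."""
    return shift_transform(key + site[:n])


def derived_password(master: str, site: str, length: int = 16) -> str:
    """Alternative (not from the page): PBKDF2-HMAC-SHA256 of a master passphrase, salted with the site."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), site.encode(), 200_000)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two passwords have in common."""
    return len(os.path.commonprefix([a, b]))


if __name__ == "__main__":
    key, master = "tq7x", "constructed sample passphrase"  # constructed values
    sites = ["ebay.com", "google.com"]                     # constructed values
    simple = [mnemonic_password(key, s) for s in sites]
    strong = [derived_password(master, s) for s in sites]
    print(simple, "shared prefix:", shared_prefix_len(*simple))
    print(strong, "shared prefix:", shared_prefix_len(*strong))
```

With the mnemonic scheme every password starts with the same transformed key, so a password exposed in a breach at one site shows the pattern used at the others. The derived form needs a tool to compute, and its truncated output may not satisfy every site's character-class rules.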