Last year, Wired writer Mat Honan lost control of his digital life. It took about an hour for him to lose control over everything: his email, his contacts, his bank accounts, his iTunes, even the data on the hard drive of his MacBook. Everything. He was able to recover much of it. (Here is an account of how he did it.) But it was a very difficult and sobering experience for him.
Since then, he has spent a lot of time trying to reconstruct what happened and how the attackers did it. His conclusion is that passwords are the problem, and that we just have to find another mechanism to replace them. I have a different view, but I do want to share some important lessons that I took from reading about his experience:
- It is critical not to use the same password for everything. Whether Mat likes it or not, passwords are not going anywhere for the foreseeable future. There is nothing else out there that provides the ease of use and flexibility that passwords do, especially not at comparable cost. But they can be compromised. And if yours is, and it’s the one you use for everything, you’re in big trouble. By the time you even discover it, it may be too late. I know that it’s difficult to remember a bunch of different passwords, but it’s more difficult to remember every site you’ve ever logged into, and even more difficult, if not impossible, to completely recover from a successful hack.
- The most important account you have is your email account. If you only change ONE password to make it different from the others, make it this one, and make it tough. Longer is better. Passphrases are better than passwords. (For example, believe it or not, “iwishihadaferrarri” is a much better password than “Xrq5@Ny” because it’s so much longer AND it’s a lot easier to remember.) Why does the email account matter most? Because it is the starting point for all the others. If you forget your bank account, Facebook and PayPal passwords, how do you recover them? You click on the Forgot My Password link on their websites, put in your email address, and they send you a password reset link. If I had control of your email, what could I do with that? I could change the passwords for everything else.
- Consider whether “ease-of-use” features are worth the damage they can cause. In Mat’s case, he had enabled the Remote Wipe feature of Apple’s iCloud service, which was intended to be a security feature. Once the attackers took control of his account, they were able to remotely wipe out everything on his MacBook Air. We all use some of those types of security features, and sometimes they’re fine. But before you click Accept, consider what you’re accepting. Do you really want that toolbar the Java update asks about installing? Maybe you do, but don’t just blindly leave the check box checked.
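The passphrase comparison in the email bullet above can be checked with a short calculation. This is an added example, not part of the original post: it models only exhaustive character-by-character guessing, and the guess rate is an assumed figure. A phrase built from common words falls faster to dictionary-based guessing than this upper bound suggests, so the number favours length only when the phrase is not an obvious one.

```python
import math
import string

# Character classes an exhaustive guesser has to cover.
CLASSES = (
    string.ascii_lowercase,  # 26 characters
    string.ascii_uppercase,  # 26 characters
    string.digits,           # 10 characters
    string.punctuation,      # 32 printable ASCII symbols
)

# Assumption for illustration only: guesses per second against a fast hash.
ASSUMED_GUESSES_PER_SECOND = 1e10


def charset_size(password: str) -> int:
    """Size of the alphabet formed by every character class the password uses."""
    known = "".join(CLASSES)
    if not password or any(ch not in known for ch in password):
        raise ValueError("this model covers non-empty printable ASCII without spaces")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password: str) -> int:
    """Number of candidates of this length over that alphabet."""
    return charset_size(password) ** len(password)


def brute_force_bits(password: str) -> float:
    """Keyspace expressed in bits (log2)."""
    return math.log2(keyspace(password))


def seconds_to_exhaust(password: str, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed rate."""
    return keyspace(password) / rate


if __name__ == "__main__":
    # The two passwords quoted in the post.
    for pw in ("iwishihadaferrarri", "Xrq5@Ny"):
        print(f"{pw!r}: length {len(pw)}, alphabet {charset_size(pw)}, "
              f"{brute_force_bits(pw):.1f} bits, "
              f"{seconds_to_exhaust(pw):.3g} s to exhaust")
```

At the assumed rate, the seven-character password is exhausted in under two hours, while the 18-letter passphrase has a keyspace roughly 2^39 times larger.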
It’s a fascinating digital world out there. And it’s important to know how to navigate it safely.