GoLocalTech: Keeping Yourself Safe Online Part 1
Friday, August 24, 2012
In what turned out to be a cascade of failures, the fault lay with Apple, Amazon, and Matt. You can read the long story here.
Matt got into trouble because of the following:
• The bad guys used social engineering to get at his Apple and Amazon accounts. Most of the responsibility for these failures rests with Apple and Amazon, both of whom claim to have corrected the problems.
• All of his backups were in one place, on iCloud.
• His backup email service was tied to the Apple account that was hacked.
• His Gmail, Twitter personal, iCloud, and former employer’s accounts were linked. (It’s a bit more complicated than that, as the story details.)
Matt did a great service by airing his embarrassing experience. The reasons that he was attacked were specific to him, but the lessons are applicable to all of us.
It made me review my security practices and change a few things. This week and next, we’ll look at ways to minimize the risk that this could happen to you.
Passwords and accounts
My Amazon account was compromised once, about six years ago. I had done two things wrong: I used a guessable password, and I had used the same username/password combination on multiple sites. As best I can determine, someone broke into one site (still unknown) and picked up a bunch of user login information. Then they tried that login information on retail sites, such as Amazon. I learned about it when I discovered that my password had been changed. As far as I could tell, there were no fraudulent charges, so neither Amazon nor I lost anything except the time needed to put things right.
Since then, I have used unique passwords for every site. In order to do that without writing down passwords or filling my few remaining memory cells with passwords, I use a mnemonic to figure out the password each time I visit a site.
The primary goal in security – at home or online – is to make the intruder take more time and thus increase the likelihood that you can detect the intrusion.
In brief, here’s one scheme:
Your password should be a minimum of eight characters long. It should contain a mix of upper and lower case letters, numbers, and punctuation marks. Against standard password-cracking tools, a password such as Aa123.yz will take five days to break. That’s pretty good.
Of course, remembering a unique, randomly constructed password for each site is impossible for those of us with body temperature.
So, here’s a way to create a password that you can remember, but that is impossible to guess and difficult to crack.
Put a punctuation mark and four or more numbers in the middle of the site’s name. You can use the same mark and set of numbers. That’s the only part that you need to remember.
For example, for Amazon, you do something like this: Ama&2120zon
2120 is the street address on Michigan Avenue in Chicago, the former home of Chess Records.
According to How Secure Is My Password, it will take about four thousand years to crack the password. You can then use Goo&2120gle for your Google account and so on.
Your password for Facebook would then be:
Use some number that is meaningful to you – a date such as 102704 or the ZIP code of Graceland, 38116.
Some sites have particular requirements, such as which punctuation marks are allowed and a maximum password length. You might have to tune the mnemonic. It doesn’t matter much where you insert the punctuation and numbers.
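The rules above (eight or more characters with all four character classes) and the site-name mnemonic can be written down as a small script. The following is an added example, not code from the column or from any password tool it mentions; the function names, the assumed attacker rate of ten billion guesses per second, and the "&2120" secret are all illustrative. Because the site name is public, the infix is the only real secret in a derived password, so the search-space figures below describe an attacker guessing blindly, not one who has already seen one of your passwords and the pattern behind it.

```python
import string

# Added example, not from the column. Builds a site-specific password the way
# the column describes: a fixed punctuation-plus-digits secret is dropped into
# the middle of the site's name, e.g. Amazon -> Ama&2120zon.
def mnemonic_password(site: str, secret: str = "&2120") -> str:
    """Insert `secret` at the midpoint of `site`."""
    name = site.strip()
    mid = len(name) // 2
    return name[:mid] + secret + name[mid:]


def meets_column_rules(password: str, min_length: int = 8) -> bool:
    """The column's minimum: 8+ characters with upper, lower, digit and punctuation."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return len(password) >= min_length and all(
        any(c in cls for c in password) for cls in classes
    )


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force attacker must search, given the classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def search_space(password: str) -> int:
    """Number of candidates of this length over this alphabet (worst case for the attacker)."""
    return charset_size(password) ** len(password)


def brute_force_days(password: str, guesses_per_second: float = 1e10) -> float:
    """Days to exhaust the search space at an assumed guessing rate (hypothetical figure)."""
    return search_space(password) / guesses_per_second / 86400


if __name__ == "__main__":
    for pw in ("Aa123.yz", mnemonic_password("Amazon"), mnemonic_password("Google")):
        print(f"{pw:14} rules ok: {meets_column_rules(pw)!s:5} "
              f"alphabet: {charset_size(pw):3} "
              f"days to exhaust at 1e10/s: {brute_force_days(pw):.3g}")
```

The script confirms that lengthening a password does far more than mixing character classes: Aa123.yz and Ama&2120zon use the same 94-symbol alphabet, but the three extra characters multiply the blind search space by roughly 94 cubed.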
None of us have halos
At some point, you will opt for more convenience over greater security. Just don’t do it too often.
Remember that each of us has to find the balance point between risk and convenience. Twenty-character passwords are essentially unbreakable and unusable.
Then, go forth and have fun.
Come back next week when we’ll look at account verifications and notifications, backups, and secure browsing.
Karl Hakkarainen is an IT and social media consultant at Queen Lake Consulting. His grandchildren still ask for his help and advice about computers and related technology.