First of all, and oft repeated, use secure and unique passwords for all your accounts, be they banking, social networking, email, or to log on to your computer. Far too many people still use insanely simple passwords such as ‘password’ or ‘qwerty’. And if you think using your anniversary date or your cat’s name with the number 1 is a big leap forward, think again. The first rule of password creation: “Make it utterly unrelated to you personally. No names of spouses, pets or old high schools. No birthdays or social security numbers.”
A password manager could be a handy investment as well (we could recommend 1Password). It can generate random, impossible-to-remember passwords for you, and it will remember any and all passwords in a kind of ‘safe’ that you lock with yet another, rather-easier-to-remember password. Most such managers will ask for that latter password, then enter the correct password for the given site/account. Only if your computer is stolen is that safe threatened.
And if you are using familial mnemonic devices, remember that as soon as a hacker sees your Facebook page (probably open to the public, depending on your security settings in Facebook) he or she has access to a number of pretty good clues to your password. And yes, most people still use only one password for all their accounts.
Which leads us to the morality tale of Mat Honan, who writes on technology developments for Wired Magazine. He has shared the harrowing story of how he lost all his digital life to hackers on 3 August:
Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
But Mat doesn’t solely blame the lack of consistency between two of the largest online/cloud-based corporations in the world. He knows his own habits undid him once the two tidbits of info were gathered. He linked his iCloud and Amazon accounts together, and his Gmail to his Amazon account, and Twitter to Gmail. All held by a single password with a single variation. Once they broke into one door, they had access to the entire estate.
What is perhaps even more stunning, because a person like Mat working at Wired should know better, is that he never backed up his materials: “Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.” If he is not backing up, what confidence do we have that the rest of us are?!
Mat investigated what happened, and he was then able to repeat the process to hack into a colleague’s account (where he did nothing malicious). So the process hardly required a couple of MIT grads with no social events over the weekend to get the job done. His entire story can be read here. Fortunately, his reporter’s instincts and his humanitarian impulses mean he has shared his tragedy so as to warn us not of what can happen, but of what will happen.
Apple is working hard to get all of its customers to use iCloud. Google’s entire operating system is cloud-based. And Windows 8, the most cloud-centric operating system yet, will hit desktops by the tens of millions in the coming year. My experience leads me to believe that cloud-based systems need fundamentally different security measures. Password-based security mechanisms — which can be cracked, reset, and socially engineered — no longer suffice in the era of cloud computing.
So spend a little time this weekend backing up your stuff, and changing your passwords. You, your colleagues, your constituents, maybe even your grandkids, will be glad you did!