Last week, Google’s Priya Nayak posted this piece on Google’s blog. While it is great advice, it is not something enough people take seriously. We should all face the fact that human beings are creatures of the path of least resistance. It’s not that we don’t care, we just don’t want things to be difficult to remember… It’s not that we are lazy, although that helps… It’s just that we don’t think that we are important enough for anyone to go after for a password. Well, that and the fact that we don’t think we have anything of value that “the bad guys” can get even if they get our passwords…
So, the desire for simplicity, coupled with inertia and a false sense of security, leads to our complacency online and the relative ease with which our own privacy and password security can be compromised. With greater and greater levels of information, queries from searches, financial transactions and social interactions moving online, everyone needs to become more aware and active in protecting his or her security online. Nayak’s article, although Google-centric, contains some great suggestions:
Password re-use: You sign up for an account on a third-party site with your Google username and password. If that site is hacked and your sign-in information is discovered, the hijacker has easy access to your Google Account.
Malware: You use a computer with infected software that is designed to steal your passwords as you type (“keylogging”) or grab them from your browser’s cache data.
Phishing: You respond to a website, email, or phone call that claims to come from a legitimate organization and asks for your username and password.
Brute force: You use a password that’s easy to guess, like your first or last name plus your birth date (“Laura1968”), or you provide an answer to a secret question that’s common and therefore easy to guess, like “pizza” for “What is your favorite food?”
Online accounts that share passwords are like a line of dominoes: When one falls, it doesn’t take much for the others to fall, too.
Generating unique passwords is better, but remember that simple unique passwords can still be compromised for that system. Complex passwords can be painful to remember, but can save years of effort and thousands of dollars trying to repair the damage of identity theft. One argument I often hear about complex passwords is that then you are forced to write them down somewhere and that list can be stolen or simply found by others and used. I’ll concede that point; however, that “theft” would need to be done in person and compromise one’s personal space, as opposed to simply having access to a computer and the Internet…
A suggestion I provide is to use a digital password program like 1Password from Agile Web Solutions. 1Password works on Windows and Mac systems and has plugins for every major browser on the market. Additionally, its smartphone companion applications securely make passwords mobile, which eliminates the argument: “that is great for when I am home, but I can’t access anything when I am anywhere else.”
One of the things I was amazed about was the sheer number of websites I have logins for and to which I provided my credentials… many of which I haven’t accessed in months or years. This is another issue we don’t think about when throwing around a few common passwords… Frankly, I am not concerned about my banks getting their systems hacked (not that it hasn’t happened before, or for a more recent and local example). But I am concerned about smaller online organizations’ sites becoming the first of the falling dominoes.
With October being National Cyber Security Awareness Month, please take a few minutes to check out Stop, Think, Connect.