We All Know It…
Keeping information private is hard. Really hard. The old mantra “if you don’t want anyone to know about something, then don’t write it down” holds true more than ever. Before the internet, if you had written down something sensitive, you could be lucky enough to destroy the evidence. Now, with the internet, once you write something online it’s there.
I think most people understand the fact that the internet has changed how information is stored. Yet we have been trained by social networks, blogs, and the like that updates about our every life moment are a necessary routine. People have been trained to create an online social profile. While I feel this is just as important as our real life personal profile, the problem is when the two become too intermixed.
I created this blog to help myself develop and hone my communication skills. To get this all online I had to do a fair share of setup of services over the internet. Each one asked for my name and email address at minimum. With little hesitation, but some regret, I provided this information to the services I now use to bring you this blog. I now sit here and wonder what price have I paid. Don’t mistake me, I’ve done my research on the partners that I’ve used, but in today’s world you cannot trust everyone, heck anyone.
The Horror, the horror
Recently Facebook admitted it was hacked. This time Facebook was lucky that no user data was lost over the hack, but the astonishing fact is that custom hacking tools were developed to target Facebook employees in an attempt to get at user data. Twitter had 250,000 accounts’ usernames and email addresses compromised in a recent data breach.
What does this mean to the average person? Astonishingly, it means a lot! To many, when filling out a social network’s “About Me” page, it only comes natural to fill in every section. Some social networks, like LinkedIn, incentivize adding your information. Having a username and email address ranks very low; however, just add in your address and your percentage complete bumps up a few percentage points. I can admit to falling victim to this tactic. I went through and did everything I could do to make sure I had 100%. It gave me a feeling of achievement. I’d like to stress the amount of worry I was in when I heard the news of LinkedIn’s 6.5 million encrypted passwords being leaked. I was horrified, after using a tool, to find that my encrypted password was among them!
Crap, What Do We Do
A lot of techies are saying that the password is no more (note: this article by Wired is a really, really good read). I agree with this sentiment and actually abide by it; however, it is difficult to avoid having to provide a password when using online services. One of the biggest dangers on the web is not using a secure password. There are many definitions of what a secure password is, but at minimum you should be using a password that is 8 or more characters and has a capital letter, a number, and a special character. Better yet is to not make use of dictionary words or anything that can be tied to your username or online profile.
My suggestion is to follow the above but to add an additional set of security requirements. I try to no longer sign up for services that ask me to provide a username and password (or any real world identifying information). For the most part I try to use authorized sign-ins. Basically this means I use services that can be connected to my Google log-in. This lets me fine-tune what those services can use. If some site wants my phone number, it must ask Google for access, which I then have the option to deny.
One of the biggest things you can do to protect yourself is to use two factor authentication. What is two factor authentication? It is exactly as its name describes, the use of two methods of authentication. Generally the first method of authentication is the providing of your standard username and password. Once this has been verified a second more personal piece of information must be entered. By personal I do not mean as in a security question, but as in entering a generated number from a key fob. Google provides this service FOR FREE to its users. When you log in it will text you a number that you must then enter. If you have an Android phone you can also open the app and copy the number. If at any time your phone is lost or stolen you can use a set of one time use numbers to access Google and shut off your phone’s access. E*Trade offers this same service to its trading customers (I do not know if it is free).
All in all, it’s a dangerous place, this internet. Look at my “About Me” page. If you know me personally you might think I’ve added very little about myself. However, I tried to keep it just enough to let a passerby know a bit about me. That’s how you need to treat your online identity. Never post, send, or store anything on the internet that you would mind telling a stranger. If you do, make sure you have a well-defined security plan in place to keep it safe. Have a plan if it is compromised.
Feature Image: Secure Cloud Computing – By: FutUndBeidl
As an aside to the above, I should mention that I do maintain a good amount of information about myself online. However, using the privacy features of the services I use, I make sure that there is little exposed about me. This isn’t an invitation to dox me, but I believe that I’m well protected information exposure wise. I try to use unique passwords for all my logins, but I do need better passwords and password management. Topics for other posts!