One of the hot topics at the MS-ISAC Annual Meeting and GFIRST in Atlanta this week was the recent Wired article by Mat Honan entitled “How Apple and Amazon Security Flaws Led to My Epic Hacking.”
The entire article is worth reading, and may shock you into action. Here is the first paragraph of the article:
“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook”
That article, along with other information, led to Apple and other organizations changing their over-the-phone password reset procedures.
There is no doubt that the majority of online users typically:
- Use very simple passwords that are easy to guess
- Use the same passwords for multiple applications and services (such as Gmail and Facebook)
- Only change their passwords when forced to do so
- Use the same passwords for home and work
- Share passwords with friends and family members
I could go on, but the stupid things that we do (or don’t do) with passwords are well-documented.
However, I must admit that the Wired article was a bit of a personal wake-up call for me. While I have always used rather complex passwords, I do slip into some of the other bad habits at times. But lately, I have gone through the simple list above and made adjustments to my personal online security situation regarding passwords. I want to point out a few practical steps that we all can take to help secure things.
Second, I found this sixty-minute security make-over article to be well done and helpful. It discusses linked social media accounts and a host of other areas that need to be addressed by all of us for better security.
Third, even if you don’t follow these extra security steps, at least regularly change your passwords to something a bit more complex and don’t reuse them across home and work. Also, back up important data.
I know, I know. Security pros have known about these basic password steps for years. But actions speak louder than words. And there is too much at stake with our online data to do nothing. I like many of these new precautions, since one-time actions can provide much better overall protections.
What are your thoughts on personal passwords? Any ideas to share?