Your digital identity is at risk.
Last week, Citigroup (NYSE: C ) announced that 360,000 of its cardholders had their personal information stolen. In a series of attacks over several months, Sony (NYSE: SNE ) has lost information on millions of accounts to various hackers. Data-handling expert EMC (NYSE: EMC ) has promised to replace customer security devices after hackers breached its RSA Security division.
More recently, computer systems belonging to the IMF, the CIA, and the U.S. Senate were publicly hacked. Even Lady Gaga and Justin Timberlake have had their personal and financial information hacked and cracked -- though German authorities managed to cuff those responsible.
If Lady Gaga can be victimized, nobody's safe. So what can you do to protect your online identity?
Magic bullets?
Unfortunately, there's no one-size-fits-all solution. After all, some of those Sony accounts were accessed despite being protected by an advanced security system that requires specialized hardware keys. But the real downfall of these systems comes back to one simple fact: People are bad at picking secure passwords. Even IT professionals charged with the safekeeping of personal records.
It used to be enough with six or eight characters to make a password secure, ideally boosted by including a handful of uppercase letters, numbers, and special characters outside the alphanumerics. Simple math dictated that breaking such passwords would take an impossibly long time, given the processing power of up-to-date computer systems.
But computers get faster all the time, while hackers devise ever more ingenious break-in methods. Perhaps that's why Intel (Nasdaq: INTC ) spent $7.7 billion to acquire security specialist McAfee -- an attempt to heal the karmic damage from making the bad guys' job so much easier with its ever-faster processors.
Can we fix this?
The simple solution to the password problem is to make passwords even longer. If $abc123$ wasn't good enough, then maybe $$abcd1234$$ will do the trick? (Please don't use these passwords for anything, by the way -- now they're published and might end up high on a hacker's list of strings to try!)
That only works as long as you can remember the new password, though. Writing it down on a sticky note on your monitor is like leaving your house key under the doormat. So the trick is to make your mixed-case, number-infested, whizbang character-adorned password memorable.
One trick is to pick a very long password in perfectly natural English. Take a line from your favorite song, your favorite president's motto, or perhaps a Groucho Marx aphorism and enter it verbatim. Uppercase, numbers, and punctuation always add some salt to the recipe, but once you go past 10 or 15 characters, you've rendered brute-force hacks pointless.
This doesn't work everywhere. Some systems restrict your passwords to a certain number of characters because of system limitations or bad database design. But it's magic when a good password works, and natural language is so infinitely varied that no crook will be able to guess your access keys.
One last point on passwords: It's a bad idea to use the same one for every system. If someone steals your email info, you don't want the bad guys to be able to use the same keys to unlock your screensaver at work, your auction-website account for some unauthorized bidding, or your online banking and brokerage accounts. You gotta keep 'em separated, in The Offspring's immortal words.
There's always more
Those are the basics of keeping your logins safe, but you can -- and should -- do much more.
- If an online deal looks too good to be true, it probably is. eBay runs a comparison-shopping service named Shopping.com, Yahoo! offers Yahoo! Shopping, and Google (Nasdaq: GOOG ) has its Google Checkout alternative, for example. All of them tend to find great deals, offer a secure payment system, and let you judge the merchant's reliability by user reviews. Use these tools.
- On that note, remember that anything you post online can and probably will be used against you. Credit card numbers don't belong in online chat rooms or forum posts. Nor should you let strangers "borrow" your access to anything, anywhere, at any time. Should you let friends and family use your email and shopping accounts? Only if you absolutely trust them not to share that information in a moment of weakness. Otherwise, get ready to change your password after they log out.
- Big G wants to make your Google account safer with two-factor logins that require a cell phone. Somebody out there is thinking about something better than passwords, and it's never a bad idea to be extra safe.
This is just the beginning, as you can fill books with online security tips. Did I miss your best, most obvious Internet safety trick? Share your wisdom in the comments section below. You might make someone's day.
RSS Headlines
Fool UK