On December 12th, hackers were able to compromise and download the user names and passwords from a highly visible and respected blog media network. The account database itself was only for the login information to the commenting functions of these sites. In itself, there was very little that could be exploited with the information. However, it called out the widespread practice of using poor quality passwords, and worse, using the same passwords on multiple sites.
The two most frequent and devastating errors and omissions made by computer users are:
- Not backing up
- Using poor quality passwords.
Both of these present significant risks in day-to-day life, but have an added risk when it comes to burglaries, theft, and loss.
First, take the odd burglary Marc Fisher wrote about this week in the Washington Post. Marc’s home was broken into and, among other items, the burglar took his son’s laptop. The burglar, illustrating a bizarre lack of discretion, actually posted a picture of himself to the son’s Facebook account (the only insight here is, don’t assume a burglar will do or not do something because it seems rational to you or me). Now not only does the son have no backup and has lost data that is important to him, but the burglar has access to his data and potentially his passwords.
The 5 steps in minimizing the damage if your computer is lost or stolen:
- Make multiple backups. Follow the 3 - 2 - 1 approach, which is three backups, in at least two different formats (e.g., DVD-ROM and Hard Drive), with at least one off-site copy.
- Use complex passwords of at least 8 characters, but preferably 12 characters. Mix numbers into the password characters. The Wall Street Journal article analyzed the Gawker leak and illustrates how poor many passwords are.
- Use a different password for each site or at least the sites with sensitive data. Your email account can be a treasure trove of information, since not only are the archived emails accessible, but someone can “reset” the password on other sites, often with only access to your email account. Some hackers set up sites that entice people to register, only to get their email address and password, knowing a significant percentage of those passwords will work on the user’s primary email account.
- Encrypt sensitive data. Microsoft Windows 7 has the BitLocker feature and Apple Mac OS X has FileVault.
- Store the serial number of your laptop (and all other valuables) in a safe and accessible place (e.g., a Google Doc). One of the few ways electronics may be recovered is if you are able to provide your serial number to the police. They will register your stolen device in a database and if the thief tries to sell it at a pawn shop, the police will be notified.
The best defense is, of course, keeping it from being stolen in the first place. Don’t leave electronics or valuables visible from outside your home. If they can be seen through the window, the chances of being stolen are much greater. Arm your alarm system for instant mode even when you are home in the middle of the day.
I use a Mac and back up locally with Apple Time Machine. This is a free application that comes with OS X.
Available for on-site and off-site backups on Mac, Windows, and Linux is CrashPlan. This is a very flexible free and paid application which gives you multiple options for cost-effective backups.
For off-site backups I use Mozy AND JungleDisk. Both offer large amounts of off-site storage (think 300GB of photos) for very reasonable costs.
Password Management Resources:
Having a different complex password is easier said than done. A management application which keeps track of passwords, generates secure passwords, and brings up the information when you need it is helpful. 1password.com and lastpass.com are feature-rich and effective.
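The password rules from the steps above (at least 8 characters, preferably 12, numbers mixed in, a different password per site, with the email account as the highest-value target) can be checked against an export from a password manager. This is an added example, not part of the original post; the site names, sample passwords, and the function names `check_password` and `audit` are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LEN, PREFERRED_LEN = 8, 12  # thresholds from the article's second step

# Constructed sample of a password-manager export; sites and passwords are made up.
SAMPLE_VAULT = [
    ("mail.example", "sunshine"),
    ("blog-comments.example", "sunshine"),
    ("bank.example", "t7Qv2mZp9LrX4c"),
    ("forum.example", "abc123"),
    ("photos.example", "river4stone"),
]

def _digest(password):
    # Group by hash so the plaintext never becomes a dictionary key or report value.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def check_password(password):
    """Return the article's password rules that this password fails."""
    issues = []
    if len(password) < MIN_LEN:
        issues.append("shorter than 8 characters")
    elif len(password) < PREFERRED_LEN:
        issues.append("shorter than the preferred 12 characters")
    has_digit = any(c.isdigit() for c in password)
    has_other = any(not c.isdigit() for c in password)
    if not (has_digit and has_other):
        issues.append("numbers not mixed with other characters")
    return issues

def audit(vault, email_site="mail.example"):
    """Map each site to its list of issues, including reuse across sites."""
    sites_by_digest = defaultdict(list)
    for site, password in vault:
        sites_by_digest[_digest(password)].append(site)
    report = {}
    for site, password in vault:
        issues = check_password(password)
        group = sites_by_digest[_digest(password)]
        shared = sorted(s for s in group if s != site)
        if shared:
            issues.append("reused on: " + ", ".join(shared))
        if shared and email_site in group:
            issues.append("email account password is exposed by this reuse")
        report[site] = issues
    return report

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT).items():
        print(site, "->", "; ".join(issues) or "ok")
```

In the sample, a leak of the blog-comments password also exposes the email account, which is the reuse scenario the article describes.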