We Have Your Password, and We Own You!
Every few months I like to write about passwords and backups just to remind everyone how important these issues can be. While I’d like to remind you again to review your backup policies, I really want to stress some common sense password protection.
I’m sure you all know enough not to use your kids or pets names for passwords but do you use different passwords for every different site you visit online? If not, you could be in real danger and you’re putting everyone else in danger too. STOP IT!
Last week an employee of Twitter had their account compromised and internal business documents were stolen. The documents were actually offered for sale on the internet. The Twitter server wasn’t “hacked”, it was accessed using the employees name and password. Seems the employee used the same password on another online site.
“First, it's important to note how these documents were stolen. In this case, a Twitter employee used the same non-unique password on multiple services. A hacker gained access to our business documents because this common password was retrievable on an unrelated system. If you've ever used the same password on more than one service, you've made the same mistake that lead to this theft”
Any time you sign up and provide a password, that information may be easily available to the owners and employees of that site. If you use the same password for an online forum as you do with PayPal you’re in danger. If you use the same password for multiple social networks you leave yourself open to a different kind of identity theft. Some one can impersonate you and spread malware to your friends and family.
Giving Away Your Password
There’s also the danger of freely giving away your Email and password that plenty are falling for. A number of sites offer to get you new followers on Twitter. The only conditio is they now own your account and can use it to broadcast advertisements. Unfortunately, too many people don’t read the conditions which typically look like the following…
Obviously a lot of folks slip pass this notice and are surprised when advertisements appear in front of their name. You might also notice they don’t say anything about not selling your Email address to the spam companies.
I’m not sure how many followers make up a ton.
If you’ve fallen for these scams you’re not alone. You will want to create a brand new password. While you’re at it, create some more new passwords for other sites as well.