Several weeks ago, LinkedIn had an enormous security fail when 6.5 million user passwords were leaked. Since that incident, you can add sites like Last.fm, Yahoo and, most recently, Formspring to the list.
Some people may be wondering what the big deal is. You change your password and move on.
Not so fast, my friend. Let’s think about this:
1) How many of those people use the same password for every site they sign up for (yes, even their bank)?
2) How many of those people who use the same password everywhere are your friends on Facebook? (The one place you share your kids’ names because it’s “private”.)
I’ve said it before and I’ll say it again: Your information on Facebook is only as secure as the weakest password amongst 300 of your closest, nearest and dearest friends.
How many of your friends’ Facebook accounts have been hacked in some way? Just among my friends, I’ve seen about a dozen friends get hacked over the years. It’s happened to friends who are self-proclaimed Luddites and those who are fairly tech savvy in equal measure.
Now connect the dots between the LinkedIn password leak and your Facebook friends: how many of them do you think use the same password for both networks? Probably a decent number of them.
I used to.
I don’t anymore. In fact, my project for 2012 just got kicked into high gear when I heard about Danny Brown’s Facebook account being hacked over the weekend.
Beefing up online security
My New Year’s promise to myself was to be more secure with my data. So, I’ve started implementing the use of a password manager (LastPass) and creating unique and randomized passwords for every site. Given the number of sites I have memberships on, the only way I’m willing to do this is with a password manager.
I think you need to join me in my challenge. Take some time to learn about how passwords are stored online and what makes a strong password (pro tip: complex doesn’t always equal unhackable). Sadly, the five most common passwords are:
Number one just boggles the mind.
Knowledge is power
Does it scare you to think that someone might try to access your accounts with malicious intent? It is kind of scary, but here are a few more important points for you to think about:
- The Internet isn’t private. It IS public, even if you’re in a walled garden like Facebook.
- Any password is hackable, even strong and long ones. Long ones just take longer.
- If you aren’t 100% fine with seeing it on a billboard in Times Square, it probably doesn’t belong on the Internet.
- You need to thoroughly review privacy settings on Facebook (read Danny’s post for more info).
You don’t have to fear privacy and security breaches as long as you remember these things and stay true to who you are. Your authenticity will reduce the impact of a malicious attack.
Have you ever had a web-based account hacked? What did you do?