Thursday, May 06, 2010

Time to tie my camel to the tree

I like to not worry too much about security, and try to feel relaxed about living my life on the planet. But I also know that you need to take necessary care. As the old saying goes, "trust in God, but tie your camel to the tree."

I read today in the New York Times that hackers have put 1.5 million Facebook user credentials up for sale.

I also got a phone call today from someone saying they were extending my Popular Science subscription, and confirmed my address and name. Then they said if I could just give them my credit card number they could go ahead and extend my subscription.

When I refused, they were OK, but asked for my email so they could send me an email confirmation. When I refused again, they wanted to have me talk to their "manager" and I just hung up. This is the second time I've gotten a call like that. This isn't just random identity theft - this is a business. And I suspect a very profitable one.

I also was reading about online payment services, and how PayPal is targeted for attacks on a regular basis.

And I have a feeling it's only going to get worse - the hackers are on the attack, and from what I know about online sites, they try to be secure (maybe) but with dynamic client-side code and phishing and Trojan horses and worms and insider attacks and just dumb human error, the weaknesses will be found and taken advantage of, more and more and more.

I can't protect myself from all of this, but I do need to take necessary precautions. We already have a shredder and shred anything that has our personal information on it. But I've been lazy about my passwords. I've kept the same one for years; it's short, and it's everywhere. Well, that changed tonight. The key passwords have all been changed, and I'll do more as I bump into them.

Symantec has me change my password every three months. I'll be using that as a trigger for me to change all my online passwords.

I've had enough, it's time to tie my camel to the tree.


Andy Cohen said...

All good advice. Our passwords should be:
1) Frequently changed.
2) Long.
3) Not in the dictionary.
4) Different from each other.

Now here's my question: What's the best way to keep track of all these passwords that doesn't introduce another security hole?

Unknown said...

I write them down in a secured file on my laptop - not as they are, but with a hint that is enough to remind me.