October 6, 2009
More than two years ago I wrote a piece for a weekly newspaper about keeping your passwords safe in which I gave my recommendations for some simple steps you could take to protect yourself online.
Those of you who know me won’t be surprised to hear me say “I told you so”. As a database programmer by trade, I have learned over many years to think about the worst-case scenarios in an effort to avoid them in the first place.
The recent password exploit that is currently widening to more sites has exposed tens of thousands of passwords world-wide. As one of the things to avoid from my post, “People tend to have the same password across many accounts — so there is a good chance that individuals have also compromised the integrity of their ebay or paypal accounts too.” By using the same password on more than one website you run the risk of exposing all of your accounts to potential security breaches even if only one of them is hacked.
In the current scam the bad guys trick users into supplying their passwords because they think they’re actually on a legitimate website, when in fact they’re using a fake site that captures their data for dastardly purposes. You’ve no doubt received emails over the years asking you to go to the Chase website [substitute any big bank name here] to update your personal information when you don’t have a Chase account. The hackers blast these things out to everyone, knowing full-well that many of the recipients do have a Chase account, and if just one of them falls for the scam, they can immediately log into that account and grab their cash.
Once they’ve got your email password, they most likely have your banking password, your stock password, your everything password. I encourage you to re-read my article about the simple steps you can take to protect yourself online.