Email, Passwords, and Protecting Your Identity and Reputation on the Web BY CECIL CATES, IT CONSULTANT
ast month, hackers broke into a gossip website called Gawker and committed what amounts to a full-scale web burglary. They took the source code for the site, logs of private chats between the editors, and the email addresses and passwords of 1.5 million registered commenters. It was a huge, embarrassing mess for Gawker, and could have caused serious problems for some commenters. Here’s how to prevent an attack like this from creating serious problems for you:
L
1. Create an email address that you can abandon if the address is released publicly. It’s not a good idea to use a single email address for all your communications. Use your primary address for cor-
16
The Positive Community February 2011
respondence and trusted communications, but use a separate dummy address – preferably one that doesn’t contain your name, age, or location – for website logins. It’s fine if you use janesmith@gmail.com for corresponding with your mother, but try something a little more anonymous for commenting on news sites. Many Gawker commenters – including employees of NASA and various government departments—used their work address when they registered. That’s just never a good idea. 2. Use a different password for every single account you have on the web. That’s right: every single one. Gawker commenters who used the same password for many accounts risked having them all compromised if their passwords were cracked. (The hackers stole the passwords in encrypted form but could eventually decipher all of them.) Having a different password for every site minimizes the potential damage. If you insist on using just a few passwords, make sure you don’t use the same one for a highly secure bank site as you use for a less secure site with more lax password policies. 3. Use long, difficult-to-crack passwords. It’s admittedly a challenge to create and remember a unique 20-character string of nonsense for every single password you need. Fortunately, a number of passwordprotection programs (including LastPass, KeePass, and 1Password) can automatically generate and store secure passwords for you. If you’re ever curious about how long it would take to crack a particular password, you can go to HowSecureIsMyPassword.net and they’ll tell you. For more information contact ccates@cmitsolutions.com
www.thepositivecommunity.com