What’s going on with the latest rash of online password thefts? What is the thrill in posting this information on the internets? Is possessing the passwords of other people an ego boost or a public rant against insecure information stored on the web?
First LinkedIn, then eHarmony, and now possibly Last.fm. As the number of sites falling victim to password hackers continues to grow, the questions are flooding in: are these incidents all connected? And, perhaps more importantly, who’s next?
This seems like a good time to remind you again to harden your passwords and to use an App like 1Password that can help you create and manage really good passwords that won’t be easy to guess.
1Password also makes it dead nut simple to log in to a service and change your password if your account is somehow compromised by the very business you’ve given your personal information and faith over to in exchange for a sacred covenant that they will rigorously protect the proprietary information you share with them.
I’m still not sure I understand the thrill of breaking into a company’s website and downloading personal information and then posting it to the internet. When I get an email like this from UNL.edu, I cringe as I, once again, have to put another credit alert on my life:
On Wednesday night, May 23, a security breach of the University of Nebraska’s university-wide student information system, NeSIS, was detected. In addition to information for current students, parents, employees and applicants, NeSIS contains Social Security numbers, date of birth and academic records for past students who attended the University of Nebraska. (Records go back to 1985 for UNL, 1986 for UNO, 1990 for UNK, 2004 for NCTA, and Fall 2010 for UNMC.) A small percentage of past students also have bank account information, driver’s license or tax ID numbers associated with their student account.
… Local law enforcement and the FBI are also involved in the investigation and have identified a student they believe is responsible for the incident.
Our lives are quickly becoming a dizzying set of identifying numbers: Own the digits, become the person. I’m not sure how good that method of virtual personhood is because it takes common sense out of the security game.
Will TRU-ID make us safer, or even more digitized for future exploitation by rogue motivators?
Judge Paul Innes of Mercer County Superior Court today upheld a temporary restraining order obtained by the ACLU-NJ to suspend TRU-ID, New Jersey’s implementation of the federal Real ID Act. This decision means that New Jersey citizens who do not wish to comply with TRU-ID may opt to obtain their licenses using the existing 6-point ID system instead, at least until a more complete hearing for a preliminary injunction scheduled for August 3. The ACLU-NJ expects the State to appeal today’s ruling.
The more complex we make our security requirements, the longer the paper trail we leave billowing behind us, and that makes a clearer path for the disinvited to enter our lives and become us. Once they’re inside the system with full access to the bytes of us, the more, bit by bit, they will be believed on the outside to be us. We cling to the quaint notion that “Digitized Truth” can never be impeached or impounded because we need to pretend the processes of us are impenetrable. The reality of a corrupt national security system exemplifies another truth.
I suppose it explains why it is such a complicated process to obtain a driver’s license — three items from column a, two from column b, a skin sample, some blood, put your hand on the bible….
Right. Complicated for us to get the ID — but for those breaking into the motor vehicle system to steal our info — dead simple!
Isn’t that the truth.
Yes, and there doesn’t seem to be much effort in hardening the process!
It’s mainly up to us, as mentioned, to ‘harden the passwords’, make up myriad combinations that we CAN’T remember, keep them in a ‘little black book’, hide it so well, that when you need it, you can’t find it. etc etc etc.
This is NOT experience talking BTW 🙂
I use 1Password to manage everything and it works really well. I have one super long and hardened password I have to memorize to open 1Password, and then that program manages all my other hardened passwords by auto-filling in all the blanks for me. So everything is hardened and secure, but I only have to remember one hard password.
Since you are on your personal computer, that sounds like it works well. Since I’m at work, using the company computer, I keep the little black book. It’s been working well ‘so far’ save the above mentioned almost catastrophe. 🙂 Live and Learn
1Password works with my computer at home — and cellphone and my iPad when I’m out in the field. The Apps sync to an external server — so I have multiple access points for a single password database. Everything is tight and secure.