One day Mat Honan was a writer for Wired and the next day he became a highly publicized example of everything that makes online security an oxymoron. It turned out that Mat became the target for a teen hacker out to get some lolz at his expense and proceeded to access his entire digital life and wipe it out. Literally within minutes, Mat lost everything he had stored right down to all of the photos of his baby daughter. Since the “advantages” of the cloud include the reality that what was once the obligatory practice of separate offsite backup is now as quaintly nostalgic as pillbox hats, once Mat’s data was gone, it was gone forever. There are some actions that you can take today to keep from suffering Mat’s fate, as long as you realize that if a fully dedicated hacker is going after you, there may not be any hope to fend off their attacks.
The 4 Primary Password Strategies
Passwords are the first items up for discussion as lists of stolen ones show that the majority of people use profoundly silly ones that can be guessed by a toddler, such as password or 123456. To make things worse, many use the same password to access all their accounts, so as soon as a hacker has figured out one, they have cracked your panoply. There are four primary schools of thought to password creation and all have their fundamental fallacies:
- Uniqueness – Instead of password, use something that is special to you, such as your first pet’s name: Snowball. The problem with this approach is that if you are a typical social media blabbermouth who revels in revealing every intimate detail of your existence on this mortal spiral to the 7.1 billion people on earth including the bored teen hackers and professional Russian Mafia criminals who mine your profiles for critical information, then you’ve likely left that little bit of info out in cyberspace already.
- Character substitution – Changing some of the characters for alphanumeric “lookalikes” is a very common security precaution, so Snowball becomes $n0w6a11. The worst problem with this strategy is that you’re not the only one to think of this and the hackers already have compiled popular character substitution tables to crack this rather ineffective code.
- Non sequitur phrase – The famous comic on xkcd sums up this approach rather well. Instead of substituting characters, come up with a completely nonsensical sequence of words that you memorize, such as correcthorsebatterystaple. As in every other case where strings need to be memorized, there is always the problem that your fallible memory will fail you when you need it most, so it might be a good idea to use a complex string of words with “weird” separators that mean something to you but no one else (and which you haven’t blabbed already on social media) such as the names of your four favorite teddy bears: aragorn%fluffy^roscoe|chantelle.
- Site-specific modification – All the teddy bear names on the planet aren’t going to help you if you use the same password on several accounts and it winds up being exposed. A small modification you can make to help keep each password unique is to add a prefix or suffix specific to the site. So if your Chase bank app is the second icon on the fourth row of your iPad in portrait mode, use standard Excel cell nomenclature plus the first two letters of the site: d2~ch#aragorn%fluffy^roscoe|chantelle.
Make Your Accounts Impervious to Social-Engineering Attack: Shut Up!
Unfortunately no matter how airtight your password is, it’s completely worthless if you are subjected to a social engineering attack such as the one Mat suffered. By gathering publicly available info, a hacker can convince many online companies’ customer service personnel to reset passwords and then… you’re fried. It all goes back to the blabaramathons which have become de rigeur in the social media world. Loose lips sink chips and if that silicon is holding your precious personal information you may find that the transcendent joy of being a total-revelation social media autobiographer may have a very unpleasant byproduct.