Time to Change Your Password

Yeah, yeah, yeah, now Bill’s on that Password kick.

Today, it was LinkedIn that had their passwords compromised with a leak.  There is an announcement of that sort of thing every day.  If it isn’t a website, it’s someone’s bank, or even something as simple as a padlock on the shed.

Yes, that last bit happened to me.  I was in the backyard opening my shed and someone was watching me over the hedge.  Very Creepy, and thankfully they have moved on.  However I was muttering the four digit code while I was setting the lock and the “individual” actually repeated it back to me.   I slipped at that point and lost the combination.  The lock is long gone.

It has been said that for safety’s sake you are supposed to change your passwords monthly.   If you work on a computer, and who doesn’t these days, you can be subject to that being enforced.  You walk in on the first day of the month for example, and up pops a window demanding you to change it.

Now lets look at this.  You just changed work’s password.  You’re reading this that I’m hosting on www.Blogger.com .  Blogger uses its own password.  It’s linked into the www.Google.com suite of sites so that means I have a www.gmail.com account.  Add to that the email accounts that I have for each of the companies and charities I consult for, my professional account, the various stores like www.jcpenney.com that I shopped at just this morning to buy a sauce pan, and you see the point…

It Gets Ridiculous.

I don’t know what the solution is.  If you write it down on a sticky and place it somewhere it can get lost or stolen.  I have a file that has password hints on it, but I couldn’t tell you the last time I changed it.

I’m guilty too and I deal with this Security Stuff every day.

The worst case scenario is where you have company websites that insist that you use a strange code that isn’t meaningful for a password.   Randomly generated.  Just pick a password by slamming your hand down on the keyboard – I just flat out don’t remember those.  That particular annoyance is at an HR site run by a large company that uses SAP for their internal software.  Not only is my password random, but my username is too.  I don’t even bother trying to remember.  Just click on the button that says “I Forgot” because that’s useless to try to remember something like 9ea4b1c and pretend it is meaningful.

At least think about it.  I’m going to try to come up with something new since too many of my own passwords have been gravitating toward something I’ve been using for a while now.

Oh yes, it is a bad idea to have all your passwords be the same thing.   If you’re doing that and saving that password in your browser, I personally want to congratulate you on making a huge mistake.  Go into your browser, Now, and delete all those passwords.  In Firefox Click on Tools, Options, then the Security Tab.  Click on the Saved Passwords button and then Remove All, then close.   You also should have the check box next to “Remember Passwords” and “Use a Master Password” unchecked. 

For other browsers, you’re on your own.  I used Firefox almost exclusively.

The benefit of doing things this way is that you are forcing yourself to remember the passwords.  The problem with that method is that you end up gravitating toward a few passwords – like I have.

It sounds paranoid, but that’s basically what “they’re” telling you to do every month.  Every blasted site.  More than 100 in my case.

Well, no time like the present… I’ll get back to you.

LinkedIn, Facebook and the Creepy Factor

Today I was amused by a bit of LinkedIn email. 

Going through the morning online work, I spotted a piece of email from LinkedIn.  Most of us are familiar with Facebook by now.  Consider LinkedIn a Facebook for the Professional Set.  If you have a career instead of a job, you need to be on there.  The account that I use on there could be more effectively used, I am somewhat low on contacts.   Since I’m so busy maintaining the presence of Wilton Manors Main Street on Facebook and their Blog and watching over that of New Divine Mercy Church on Facebook, their Blog, as well as my own blog here, I tend to take a passive outlook.   If someone spots me, friends me, I accept, smile at the “good thoughts” and move on with a new relationship.

I don’t usually search for people unless there is a reason.  Once I found a whole wing of the family in Nebraska and another in Washington State, as well as being told of a branch that moved to Saskatchewan and set down roots.

This particular email was asking me if I knew some people.  Specifically it was the Mayor of Wilton Manors and one of the Commissioners.  Yep!  I know them both, but since I don’t tend to “bother” people without a good reason I chuckled and deleted the email. 

We’re all busy, right?  Why bother people…

That got me thinking about the ability to use social media for online stalking.  If the software knew that I should know the Mayor and the Commissioner and was right, what else does this online database know about us.

Privacy is done for.  Actually that isn’t completely true, you could always cut your credit cards and pay cash for everything.  With the laws in place for health and other records in the United States, if that information got out about you, you could make a tidy sum suing the company that had an “accidental” breach of your personal information, many people have.

Online privacy is non-existent.  As soon as someone posts their personal information on a website, and it is found by a search engine, you’re public.  May as well put it on a post-it or on one of those stickers that say “Hello, My Name Is” because it is that open.   Email is a Post Card medium.  It is sent out mostly unencrypted out to the world and anyone who wants to learn about you can find it with the right technology. 

Sure there are secured Email sites for such people who work in the Health Care and Insurance Industries for example, but they are not used by “normal folk” like you and me.

So what can you do about it?   Practically nothing these days.  If you use an email that is free and advertisement based, then your information is already out there including your private thoughts.  They aren’t private, no matter what.  This blog is public, it is scanned by all the search engines, and I do employ some Search Engine Optimization techniques to make sure that the articles I post aren’t just read today.   It also is hosted on Blogger which is a Google site.  Google finds my posts and scans them and indexes them.  That benefits me because it brings people in a wider audience than just my friends and family.

Now what happens to those databases?  You tell me…

The indexes and databases of websites and emails and all the other detritus of our lives that are online are a very good representation of our personal thoughts.  Go onto Facebook and like something and you establish a relationship.  That relationship can be inconsequential when you “Like” Food.  It could be something we consider positive when we Like our own nation or an allied nation.  It could be negative when we like a hate group – find them on your own, I won’t help you there. 

The bottom line is that it builds a very good psychological description of an individual.  This sort of thing has not gone unnoticed, and there are many people out there working in Social Networking and the analysis of the psychology of Social Networking.  After all, you can sell this information or protect your country against people who are out to commit crimes simply by looking over their shoulders at what they say about themselves.

The best thing you can do is step back next time you see that email or the friendly “Like” button and consider what it says about you.  After all, it is easier than trying to do it the Old School way.  Who among us has actually written a physical paper letter to a company telling them how well they did lately?  I know I haven’t!