Strong Passwords + Weak Hints = Vulnerability

No matter how protected and technologically advanced a website may be, it’s all for naught if your passwords are weak or your security hints are easily discoverable.

“TwitterGate” is the most recent reminder that many of our passwords are weak and that our hinting infrastructure (the supporting questions asked either to refine a secure login or to help a person remember an original password) is a giant gaping hole waiting to be exploited. In a nutshell: a hacker used publicly available information found on social networking websites and other information-rich sources on the internet to build a fairly complete personal picture of senior Twitter employees. The hacker pieced together information from different sources to form a map of an individual’s life that ultimately allowed him to make educated guesses at the hint answers. Through brute technological force, the hacker found all the personal information he needed to break into Twitter employees’ Gmail accounts and ultimately gain access to a treasure trove of information.

What does this tell us? That while each of our accounts may be safe in isolation, an individual’s online ecosystem provides enough information to compromise us if we’re not very careful about the personal data we use to gain access to our accounts. Most password hints are things our best friends usually know about us: favorite movie, pet’s name, favorite actor, street we grew up on, etc. At Legacy Locker, we are very concerned about people using easily discoverable recent personal history or basic personal preferences in this way. The prevailing thought here is that we need to fundamentally rethink the way we choose our passwords, hints and other secure information. According to a recent publication by professors at Carnegie Mellon, even social security numbers can be guessed from information available on Facebook profiles.

Aside from choosing passwords that are highly improbable to guess, it is important to use hints that are known only to you and no one else. Don’t use clues that have a finite universe of answers; instead, use hints that are opinion-based or that only you know the answer to. Good examples include your favorite historical figure, the name of your first kiss (even the other girl or boy involved is unlikely to know it was your very first) and your SAT score.

Don’t let the fear of forgetting a password cause you to use easily discoverable hints. Think creatively, have some fun with it and put real thought into your personal security infrastructure so that all of your online assets remain secure and above all, private.

One final word on the subject: make sure your Legacy Locker password is unique and not re-used on any other sites! This way you can even use Legacy Locker as a “password vault” in case you forget the rest!

UPDATE:
Check out this Slate.com article entitled, “Fix Your Terrible, Insecure Passwords in Five Minutes.”

Gregg Delman
Director of Business Development