If you live in Sweden and count yourself among those celebrities, you had better change your password, now. Another security breach was reported today: a leak of 93,678 email-password combinations has become public. Yes, as the title states, OMG & WTF. Whatever the reason and cause behind this breach, it’s time to do our part and take our online security more seriously.
Just yesterday I finished reading a long article by James Fallows in The Atlantic, the true story of his wife’s Gmail account being hacked and his follow-up interviews with the team at Google. If you have time, I highly recommend you read it. Not only was the story shocking, it was also followed up with some very good points and inside stories that we as normal users don’t get access to.
The incident James encountered was quite brutal. The hacker not only scammed their friends and family with a made-up "Mugged in Madrid" story followed by requests for money, but also wiped out his wife’s four years of email messages, which took up 4 GB of Gmail space. The ending wasn’t bad, as they got all the emails back with the help of Gmail’s new "Undeletion Project" that had just been put in place. Otherwise, they would unfortunately have lost part of their past life forever.
The 2.5 points James made after his own encounter are well worth mentioning here.
The first half point is addressed to those who use Gmail as their primary email service.
Here it is: if you use Gmail, please use Google’s new “two-step verification” system. In practice this means that to log into your account from any place other than your own computer, you have to enter an additional code, from Google, shown on your mobile phone. On your own computer, you enter a code only once every 30 days.
The second one is to pick a good password. I strongly agree with James’ approach, which is more manageable for most regular users: a middle ground of a password strong enough to create problems for hackers and still simple enough to be manageable. The strategies include:
- Choose a long, familiar-to-you sequence of ordinary words, with spaces between them as in an ordinary sentence, which more and more sites now allow. “Lake Winnebago is deep and chilly,” for instance. Or “my favorite packer is not brett favre.”
- Choose a shorter sequence of words that are not “real” English words. I once lived in a Ghanaian village called Assin Fosu. I can remember its name easily, but it would be hard to guess. Even harder if I added numbers or characters.
- Choose a truly obscure, gibberish password like "V*!amYEg5M5!3R". Well, I won’t recommend this method to any of you and suggest you use the first two methods instead.
The last point is to use different passwords. The guideline is:
any site that matters needs its own password—one you don’t currently use for any other site, and that you have never used anywhere else.
The bottom line is that we all need to take our online security more seriously. Yes, there is nothing we can do if the cloud service or banking database we use gets hacked and leaked, but at least if we do our part better we make it harder for the bad guys to break into our own lives. The best way to recover data is not to lose it in the first place. The consequence of losing your online identity, as the article states, is worse than you or I can imagine.
The greatest practical fear for my wife and me was that, even if she eventually managed to retrieve her records, so much of our personal and financial data would be in someone else’s presumably hostile hands that we would spend our remaining years looking over our shoulders, wondering how and when something would be put to damaging use.