Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Monday, July 20, 2009

We Have Your Password, and We Own You!

Every few months I like to write about passwords and backups just to remind everyone how important these issues can be. While I’d like to remind you again to review your backup policies, I really want to stress some common sense password protection.

I’m sure you all know enough not to use your kids’ or pets’ names for passwords, but do you use a different password for every site you visit online? If not, you could be in real danger and you’re putting everyone else in danger too. STOP IT!


Last week an employee of Twitter had their account compromised and internal business documents were stolen. The documents were actually offered for sale on the internet. The Twitter server wasn’t “hacked”; it was accessed using the employee’s name and password. Seems the employee used the same password on another online site.


Someone Call Security

“First, it's important to note how these documents were stolen. In this case, a Twitter employee used the same non-unique password on multiple services. A hacker gained access to our business documents because this common password was retrievable on an unrelated system. If you've ever used the same password on more than one service, you've made the same mistake that led to this theft.”

Any time you sign up and provide a password, that information may be easily available to the owners and employees of that site. If you use the same password for an online forum as you do with PayPal, you’re in danger. If you use the same password for multiple social networks, you leave yourself open to a different kind of identity theft. Someone can impersonate you and spread malware to your friends and family.


Giving Away Your Password

There’s also the danger of freely giving away your Email and password, which plenty are falling for. A number of sites offer to get you new followers on Twitter. The only condition is they now own your account and can use it to broadcast advertisements. Unfortunately, too many people don’t read the conditions, which typically look like the following…


Free Follower Scam conditions


Obviously a lot of folks slip past this notice and are surprised when advertisements appear in front of their name. You might also notice they don’t say anything about not selling your Email address to the spam companies.


Every minute hundreds fall for this scam.
I’m not sure how many followers make up a ton.


If you’ve fallen for these scams you’re not alone. You will want to create a brand new password. While you’re at it, create some more new passwords for other sites as well.




13 Comments:

Blogger Corrine said...

Excellent advice!

7:33 PM  
Blogger Za3mOn said...

thanks Bill! :D

2:55 PM  
Anonymous David said...

I have over 200 sites that require a password (including work related ones) that is too many to have a unique password. The thing to do is to have no site that is important sharing a password with one that is just personal (TV station, newspaper...) if they get your password using the one taken. I have used the kids names coupled with a date (xxxx1990) or even my own or a combination of initials...but not on a site that is critical. I try to make passwords that aren't readily guessable for some services or at least will require some time to crack because of their length. Too many services (work and public) do not allow long passwords or some special characters.

3:02 PM  
Blogger chris said...

If you're using the same email address as your login id this is excellent advice. Like David said above there's just too many passwords required unless you want to start writing/storing them all in a single location to remember which is more dangerous. With work and other important sites they usually have different ids or other identifiers that could not be guessed from your twitter id.

8:58 PM  
Anonymous Anonymous said...

Chris said..."unless you want to start writing/storing them all in a single location to remember which is more dangerous."

Are you saying Robo Form is not secure/safe to use?

12:06 PM  
Blogger Unknown said...

I have a few different passwords but I have difficulty remembering them when it's a site that's not visited often. That is why I have begun to standardize. Also I have 7 bank cards with 6 passwords, from 4 banks & I really do get confused.

6:00 PM  
Anonymous Anonymous said...

Is there an easy answer out there somewhere? Every site requires a user name and password. Sometimes it's your email address (I have at least four), sometimes it's just a user name. My solution, until I find something better, is I store them all in an Excel spreadsheet that is password protected. I use a completely different password for it. I've done this for years and so far so good.

8:39 PM  
Blogger Unknown said...

Too bad that the needy people "got owned". Darwin Awards are in order here!

Anyone STUPID enough to use the same password for a secure website, like PayPal, and ANY non-secure website deserves what they get!

That's like signing all your checks in advance and then leaving your checkbook on the bus seat next to you. Doh!

I disagree with "Bits from Bill". I believe the same password for all non-secure, non-critical websites is okay - as long as you won't sweat the loss or "compromise" of those accounts.

The example of the one fellow (David) who had two hundred (200!) different websites to sign into is a prime example. I'll bet you he uses a DIFFERENT password for his "secure" websites (like banking, PayPal, etc.) than for the not-so-important sites!

It's called common sense, folks. Comes with maturity and sometimes with the wisdom of advanced years... sometimes!

10:41 PM  
Anonymous Anonymous said...

For my passwords, since I cannot remember all of them, I do it the old-fashioned way: I write them down on a piece of paper, and keep it in a secure place.

9:37 PM  
Anonymous Anonymous said...

With all the passwords to remember, I use KeePass Portable http://keepass.info/ . A free, open-source, OSI certified program. I am able to take it from home to work and back again. The program has its own password generator that comes in handy, with some of the sites requiring a password change every 60-90 days.

5:35 PM  
Anonymous Anonymous said...

HI BILL, I'M NOT SCREAMING, JUST DISABLED. HOW CAN SOMEONE SEND ME AN EMAIL USING MY EMAIL ADDY AND ALSO MAKE ME THE RETURN ADDY? I CAN'T FIND ANYONE WHO KNOWS. WOULD APPRECIATE SOME HELP. THANKS.

9:35 PM  
Blogger Unknown said...

Unfortunately, it's pretty common and easy to mask where an Email comes from.

Most people have experienced this and I think ignore the name that appears to be who their spam comes from.

It's still extremely annoying. I've called my host company more than once to make sure someone hasn't hacked into my system and stolen my Email account but it's all just how Email was created on the Internet.

Bill

10:14 PM  
Anonymous Gloria said...

Whoa, I never realized it was so dangerous to use the same password all the time. Scary! Thanks to you I'm secure now...

9:57 AM  
