What’s your identity worth to you?

Just a few months ago, Yahoo! stated that over 500 million of their user accounts had been hacked and that in an earlier instance, over 1 billion accounts had been stolen. Verizon had account information stolen from over 1.5 million customers. LinkedIn had email and passwords to over 117 million of their users stolen, then posted online. Dropbox had over 68 million logins and passwords compromised. The adult dating website, AdultFriendFinder.com had 412 million of their user’s personal information stolen.

Hacking is in the news nearly every day and people constantly reach out to ask me if their information is safe. Are they at risk? What can they do to be more protected? Should they get a VPN or use Tor?

The best thing to do is to start simply. Begin with your passwords. Do you have good passwords on your accounts?

Now, I’ve been doing this for over 25 years. You’d think that there’d be very little that could surprise me after all this time. You’d think that with people being online since the 90’s that they’d know what a good password is and how to keep their passwords private and safe.

So when someone comes to me to ask for professional advice on how to keep their accounts safe, you’d think they’d know at least the most basic rule of account safety; don’t share your passwords with anyone.

However, when I ask them that first question; “Do you have good passwords on your accounts?” and they tell me ‘Yes, I use Fluffy123! for all of my accounts with my email address as my login!’ My head nearly explodes from the screaming of my inner voice urging me to smack the stupid out of them. Oh how I want to listen to my inner voice.

But, instead of listening to my inner voice goading me to cause physical harm, getting me into trouble, I’m going to draw a line in the sand, first with a declaration: There is no such thing as a completely secure account or computer. Period. And even if there was, you wouldn’t be willing to do it.

You know how I know this? Because people complain that their passwords are too complex as it is. They don’t want to use as many as eight characters in their passwords, nor use numbers, nor to have to use a special character. They don’t want to change their passwords every 30, 60, or 90 days, and they want to reuse old passwords. They don’t want to be bothered with having to put in a number they get texted with when they login with 2FA (two factor authentication).

You’re right. It sucks and it’s annoying. You know what else? Too bad.

Your data is only as secure as the level of effort you’re willing to put into it. 

I get it. It’s a pain in the ass to remember all your passwords. I have to go through it too, just the same as you do. But it’s really not that big of a deal. So in an effort to help you get past the stress of trying to figure out how to secure your information, here are the things I do to help protect myself against hacking. Just remember, if you think it’s stressful to remember your four, six, or dozen accounts, keep in mind that in my job, I’ve needed to keep thousands of accounts secure.

Here’s some tips I use to help me with securing my accounts, creating good passwords, remembering them, and how to make sure my data is protected.

Tips for passwords.

  • Use an acronym from a memorable and personal statement: ‘I will be Vice President when I’m 35!’ Translates to: IwbVPwI35!
  • Use a Password Manager. I use 1Password from agilebits.com. Use their password generator for even more complex passwords, that you won’t have to remember yourself.
  • Use different passwords for each account. This is where a password manager is helpful. If your Yahoo account gets hacked and people get the password, then they potentially can get your Visa and other banking passwords.
  • Never write your passwords down.
  • Never tell anyone your passwords.

Tips for access control.

  • Always have a password on all your devices: your phone, smart watch, computer, EVERYTHING.
  • Make sure that all your devices (computer, phone, smart watch, everything) locks automatically when turned off, removed from your wrist, or when the screen saver turns on (which should happen automatically within 10 minutes or less).
  • When possible, use biometrics (fingerprint reader) on your computer or phone.  This just makes things easier when you have complex passwords.
  • Never use your work email address for personal accounts like LinkedIn or Facebook. Read why here.
  • Use 2FA (two factor authentication) — ALWAYS! Here are just a few sites/apps that already provide 2FA: Google/Gmail, LinkedIn, Dropbox, WordPress, Apple, Microsoft, Facebook, TeamViewer, MailChimp, Amazon, etc. And more and more every day.

Backup everything!

Good luck!

Do you have some tips or a story to share? Did you or a friend have this experience? Would love to hear your thoughts in the comments.

Connect with me: Facebook | LinkedIn | Twitter | Blog | Google+

One thought on “What’s your identity worth to you?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About Brian Greenberg

Brian Greenberg is a senior strategy consultant specializing in whole systems design and leveraging technologies to advance the goals of organizations in the public, private, academic and not-for-profit sectors. An information systems and technology leader, Brian has 20 years experience in information systems design, architecture and business operations.  Brian holds a B.S. in Philosophy & Applied Computer Science and a M.A. in Whole Systems Design – Systems Theory. As a frequent industry speaker, Mr. Greenberg addresses how organizations can better align legal and business requirements with IT and has presented several papers and participated at conferences. Brian also sits on the Board of Directors of EcoMyths Alliance, a consortium of environmental education partners.