Tag Archive for complex password

What do you do if your Email provider \ bank \ game host is hacked?

The recent high profile hack attacks on firms like Sony, Citibank, Nintendo, Google et al has caused many to ask what they should do to keep their personal data safe.  How can we avoid identity theft if some of the world’s largest corporates can’t protect our data.  And what about our kids’ data, in the case of PS3 and X-Box hacking?

Recently Sega stated that email addresses, birth dates, and encrypted passwords more than a million customers had been hacked. With those details, how much more information could a potential ID thief clean about you from the internet? We need companies to take our data more seriously and implement technical measures for customer protection, for example not passing unencrypted sensitive data in the browser address bar.  We live in the real world though where our banks and communications are moving into the digital cloud and to ignore this is to lose the ability to function.  For our children this is the norm. Therefore we must take care with what we share.

Keeping your data secure:

Runescape is a excellent MMORPG gaming site where, as part of the interaction, users are coached in good security practice and security breaches are taken seriously. If your kids play Runescape, they will be aware of the problems of insecure passwords, accounts being hacked and GE bank accounts emptied. This can give a useful framework for real-life discussions.

In real life, the following points are essential basics:

Use complex passwords: kids are often very resistant to this – it seems too much like hard work. But with bots available (programs which can try every word in a language in a matter of minutes) you can’t use common words or names. Bots can recognize common number patterns and number substitution (eg s1m0n) too, so birth dates are also a mistake.  Try to use alpha-numeric, upper and lower case and, if allowed, punctuation too eg 1LikeCat5!
Change passwords regularly: Many schools, universities and workplaces now insist that users change passwords regularly, and for good reason. This makes it more difficult for users to remember their passwords (ask any Technical Support team!) but ensures it is far more difficult for a password to be stolen.
Use different passwords for different accounts: If you use a single password for many accounts, then that password is discovered, all your linked accounts are exposed to a hacker too.  If a hacker gets into your email account with mail from EBay, your bank, Paypal etc, they could have access to all those accounts too.

Never share a Password: teens often fall into the trap of sharing a password with a close friend, only to find that being used against them when they fall out.

What to do if your data is exposed:

Remember that, when families share computers, sometimes data loss can affect all the computer’s users.  For this reason, set up individual user accounts on family computers and ensure your children all use their own personal account and password.

Email addresses

Email addresses can give access to personal details sufficient to allow another person to masquerade as you.  This is quite apart from the contents of your inbox including banking, online shopping, purchase history and similar sensitive details.

Financial information

If account details or a debit or credit card are stolen, you should cancel the account straight away.  Remember, debit cards give immediate access to your funds.  Sometimes teens are reluctant to admit to a parent that they have ‘lost’ a card or account details – let your kids know as soon as they are trusted with a card or account of their own that they won’t be in trouble with you for the loss. The longer this kind of loss goes undetected, the greater the problems in cleaning up afterwards so it’s critical that they tell you immediately.

Even after the accounts have been cancelled, monitor activity around your finances to see if anything unexpected arises, eg credit checks you haven’t authorized.

If further personal details have been taken, eg Social Security number, check your credit reports frequently for unauthorized activity.  Do this through a credit reporting agency eg Equifax or Experian, and have a fraud alert added to your credit report. This announces a possible ID theft to potential creditors so they’ll be carefully when running a credit check and authorizing a new financial account.
Hopefully none of this will be necessary, but it’s key to ensure your teen understands that any personal information they share online can expose them, their accounts and even their families’ accounts if a shared computer is compromised.  Get the first steps in security right and hopefully the emergency measures won’t be needed.