Many PlayStation owners lost confidence in Sony's online security.
The PlayStation network hack highlights the danger of using just one password for your entire digital life.
As security breaches go, it doesn't get much bigger than the recent PlayStation Network (PSN) and Sony Online Entertainment attack that saw hackers get their hands on the details of more than 100 million customers around the world.
While not all of these people had handed over their credit card details to Sony, they'd all handed over plenty of other information such as name, address, phone number, email address, date of birth and password.
Whether you're a PlayStation owner or not, there are two key lessons to be learnt from the PSN hack. Firstly, don't use the same password for all your online services. Secondly, for services such as the PSN, don't be afraid to lie when they ask you for information that doesn't really have to relate to you.
Using the one password for everything is just asking for trouble. It only takes one service to get hacked and your password is out there.
Once the bad guys have your PSN password, for example, they'll probably try using that password to get into your Facebook, Twitter and email accounts and perhaps even your online banking. The more sensitive a service is, the more important it is that you use a strong and unique password. Unfortunately, a leak of 10,000 Hotmail passwords in 2009 found the most common password was 123456, followed by 123456789.
A strong password must be at least eight characters long and avoid dictionary words. It should contain a mix of upper and lower case letters along with symbols. The best passwords look like gibberish but are easy to remember.
One trick is to use the first letter of each word in a phrase or rhyme - for example, 'Humpty Dumpty sat on a wall Humpty Dumpty had a great fall' becomes 'hdsoawhdhagf'. Make some of the letters upper case, drop in a few symbols and you've got the foundations for a secure password.
When creating a wide range of passwords you might want to start with a strong base password such as 'HdSoAw*70'. Now you can generate unique passwords for different services, such as 'gHdSoAw*70m' for Gmail and 'fHdSoAw*70a' for Facebook. Make sure your pattern isn't so simple that if someone discovers one password they can easily guess the others.
Another method is a three-password hierarchy. Your first password, which might also be your best attempt at a secure password ('HdSoAw*70'), is used for online banking only. Your second password, which might be a little less secure and hence easier to remember ('hdsoawhdhagf'), is used for services such as your email, eBay and perhaps your home WiFi network. Your third and easiest to remember ('fak3pa55w0rd') can then be used for unsecured and less important services such as your Windows username login.
Weak passwords are a security threat but so is giving services more information than they really need. Identity thieves can start with even the most inconsequential data and steadily build up a detailed picture of you. Does Facebook really need your home address? Does the PSN really need your phone number? Sometimes it's best to live at 1 Fake Street Faketown, Fakestate 1000, with the phone number 1234 5678 and to be born on January 1, 1900.
It's worth sitting down occasionally to look for weak links in your security precautions. Which services are the most sensitive? Which are the least secure? Which passwords are weakest? Which passwords may have been compromised and what are the possible consequences?
A regular security audit could stop your digital identity falling into the wrong hands.
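The audit described above can be partly automated. The following is an added example, not part of the original article: it checks a personal password list against the article's own rules (length, mixed case, symbols, the two common passwords it cites) and flags services whose passwords share a long common base. The service names, the `min_len` threshold and the function names are assumptions; the sample values are the article's example passwords.

```python
from difflib import SequenceMatcher
from itertools import combinations
import string

# Constructed sample: the article's example passwords, keyed by service.
SAMPLE = {
    "gmail": "gHdSoAw*70m",
    "facebook": "fHdSoAw*70a",
    "bank": "HdSoAw*70",
    "email": "hdsoawhdhagf",
    "forum": "123456",
}
COMMON = {"123456", "123456789"}  # the two most common passwords the article cites

def rule_findings(pw):
    """Check one password against the article's strength rules."""
    issues = []
    if pw in COMMON:
        issues.append("common")
    if len(pw) < 8:
        issues.append("short")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        issues.append("no-mixed-case")
    if not any(c in string.punctuation for c in pw):
        issues.append("no-symbol")
    return issues

def shared_base(a, b, min_len=6):
    """Longest case-sensitive substring two passwords share, if >= min_len."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size] if m.size >= min_len else ""

def audit(passwords):
    """Return (weak passwords by service, service pairs sharing a base)."""
    weak = {svc: f for svc, pw in passwords.items() if (f := rule_findings(pw))}
    related = {}
    for (s1, p1), (s2, p2) in combinations(sorted(passwords.items()), 2):
        base = shared_base(p1, p2)
        if base:
            related[(s1, s2)] = base  # one leak exposes most of the other
    return weak, related

if __name__ == "__main__":
    weak, related = audit(SAMPLE)
    print("Rule failures:", weak)
    print("Shared bases:", related)
```

On the sample, the Gmail, Facebook and banking passwords all pass the strength rules yet share the base 'HdSoAw*70', which is the guessable-pattern risk the article warns about.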