You may have already read that the hacker group known as Anonymous claimed on Christmas Day to have stolen thousands of credit card numbers and other personal information belonging to people who hold subscription memberships with STRATFOR. The Associated Press reported that “Anonymous boasted of stealing STRATFOR’s confidential client list, which includes a range of entities from banks to Apple the U.S. Air Force to the Miami Police Department, and mining it for more than 4,000 credit card numbers, passwords, and home addresses.”
Regular readers of this space will recall that I am a longtime subscriber to STRATFOR, so yeah... I am among the 4,000 victims of the most recent [expletive deleted] Anonymous hack attack.
Being that it was Christmas when this event happened, I was offline and unaware of the problem until the next day, learning of it when I was listening to the news in my car, stuck in traffic, en route home, ETA plus three hours [expletive, once again, deleted].
Needless to say, when I got home I immediately got online to check my bank account, and found nothing untoward to have occurred there. I changed my password to the site and called the bank, advising them to increase their already high vigilance on the account (I pay an extra fee for the ultra-secure service). Despite the fact that my online banking password is wildly different from all my other passwords, just for my own peace of mind I also spent about a half hour changing all my online passwords. Better safe than sorry.
Here we come to the crux of today’s tech tip: Maintain your online passwords with the same level of vigilance you do every other piece of off-duty safety equipment (your off-duty mindset, your off-duty sidearm, your off-duty family communication codes).
I have a system for rotating and/or altering my passwords for the various online sites — including my P1 login — which I regularly use. For obvious reasons I will not reveal specifics of that system here, but I will say that I’ve leveraged some of the following “Do’s and Don’ts” which I now pass along to you. Add your own suggestions in the comments area below.
1.) Don’t use the same password on two different sites at the same time. You can rotate one password from one site to another, matriculating up a ladder if you will, but “overlap” is BAD.
2.) Do use some combination of letters, numbers, and (whenever it’s allowed) symbols and punctuation marks. Get weird — simply using a ‘+’ for a ‘t’ is not likely to fool a decent hacker.
3.) Don’t rely on an online password manager to keep your stuff secure. These sites claim ultimate security, but your brain is far more secure. If you MUST augment your own memory, write a few “hints” down on a slip of paper and keep that in your biometric gun safe.
4.) Do a regular — albeit perhaps randomly timed — check on your passwords, making sure you change your passwords at least as often as you swap the batteries in your smoke alarms.
5.) Don’t use the “remember my password” feature available on most Internet browsers. That’s basically the same thing as leaving a key in one of those false rocks in your front yard.
Stay safe, my friends.