I recently came across an article with the provocative title "How I Stole Someone's Identity," in which a baby-faced computer security professor details how he broke into the online accounts (with permission, all in the name of science) of a hapless acquaintance named Kim. He didn't use any programming skills or esoteric techniques — only search engines and cleverness. Here are three lessons I learned from his article:
1. Be aware of what personal information you share online. Blog posts, MySpace pages, and even web forums can be sources of personal information for identity thieves to mine. Paranoia isn't necessary, but remember that not everyone who accesses the Internet is your friend.
2. Don't use personal information to safeguard your identity. Once information is posted on the web, you should assume it cannot be removed, thanks to caches and mirror sites. (For example, when something is "deleted" from Wikipedia by an administrator, it is really just protected from viewing. It can later be restored by any administrator.) Your phone number, your pet's name, your mother's maiden name, and above all your date of birth: none of these are private enough to be the basis of your online security.
3. Keep your e-mail passwords at maximum security. E-mail password security has to be your top priority because your e-mail account is the key to the rest of your online accounts. In the article, e-mail was the key to all of Kim's accounts because most sites reset passwords via e-mail. Security Focus has a great article on password-security best practices.
And here is a bonus tip that was not addressed in the article:
4. Be aware of sites that do not encrypt your password. If you receive (or can ask for) an e-mail with your password in it, then that site is storing your password in a recoverable form. A password stored properly, as a one-way hash, cannot be retrieved even by the site itself, which is why most sites will reset your password but not send it to you. StumbleUpon is one major site that does not encrypt passwords.
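To make tips 3 and 4 concrete, here is an added sketch (not from the article discussed above) of how a site can check a password without being able to e-mail it back, and why "forgot password" therefore sends a one-time reset link to your inbox instead. The in-memory stores, function names and the 15-minute token lifetime are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, time

# Constructed in-memory "database" for the demonstration.
USERS = {}    # email -> (salt, password_hash)
RESETS = {}   # sha256(reset token) -> (email, expiry timestamp)

def _hash(password, salt):
    # PBKDF2 is a slow, one-way function: the site keeps only its output.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(email, password):
    salt = secrets.token_bytes(16)          # unique salt per account
    USERS[email] = (salt, _hash(password, salt))

def login(email, password):
    if email not in USERS:
        return False
    salt, stored = USERS[email]
    # Re-derive from the submitted password and compare in constant time.
    return hmac.compare_digest(stored, _hash(password, salt))

def request_reset(email, ttl=900, now=None):
    """Return a one-time token to e-mail; the password itself is never sent."""
    if email not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Store only a hash of the token, so a database leak does not expose it.
    RESETS[hashlib.sha256(token.encode()).digest()] = (email, now + ttl)
    return token

def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    # pop() makes the token single-use even if the e-mail is read twice.
    entry = RESETS.pop(hashlib.sha256(token.encode()).digest(), None)
    if entry is None or now > entry[1]:
        return False
    register(entry[0], new_password)
    return True
```

Whoever can read the reset e-mail can call the equivalent of `complete_reset`, which is why the mailbox password protects every account that resets through it.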
Do you have any stories about a stolen online identity? Are there any tips you would like to share for keeping your accounts secure?