My Security Mishap
Well guys, for the first time ever, my online identity has been compromised. Don’t worry, this is me making this post. I just wanted to use it both as a lesson and a warning to be cautious when receiving communications that purport to be from me. Here’s how it happened, and how you can avoid the same thing happening to you:
1. Use unique and secure passwords.
When I was young and foolish, I used the same email address and password for every service I signed up for. Worse yet, that password was also what I used for my email account. And as the final nail in the coffin, I didn’t keep track of everything I signed up for. I mean, why would I need to, when I knew that the same username and password would get me into everything, right?
As a result, when Yahoo’s Associated Content Network (don’t even ask me why I signed up for this) got compromised, my old Comcast email address got compromised as well. If I’d used unique passwords on both services, this wouldn’t have happened. Your email account in particular should have strong authentication, because that’s generally where websites send password resets. My Twitter password was strong, but that didn’t matter, because Twitter password resets were sent to my compromised Comcast account.
2. Don’t register on every website ever made just because you can.
You may have good security practices, but that doesn’t mean that whoever is storing your passwords will be careful with them. Also, it can cause a lot more aggravation when an account you forgot you had starts spamming people. I’m still discovering accounts I own that are potentially compromised, that I’d signed up for when I was 15.
3. Be careful who you give your credit card info to.
One thing I am grateful for is that none of these websites stored my credit card information. When making purchases online, only give out your actual credit card number to well-known, trusted retailers like Amazon — otherwise, use PayPal or Google Checkout. This limits your exposure to data breaches in the future.
4. Use LastPass
It doesn’t have to be LastPass — there are plenty of password storage systems out there. I like LastPass personally because of the level of encryption and also its availability on multiple platforms. Basically, the idea is that you generate random, unique passwords through their system, and then memorize one really strong “master password” that you use to secure your LastPass account. This way if one of your accounts gets compromised, none of your other accounts will.
At any rate, I hope anyone who reads this will take some time to reflect on their personal online security habits and use this as a lesson. Stay safe online, ya’ll.