SHERIDAN: Online password leaks a strong reminder about who to trust online
I have changed my primary password more often in the last six months than I had in the past three years.
While I was angered when my account credentials were leaked in the recent Sony PlayStation Network debacle and before that in the December compromising of popular blog network Gawker’s systems, they did remind of something very important about the Internet:
It’s a big club where we all share our money and information, and, relatively speaking, very few people on it actually know who we are.
To the PlayStation Network, I am not a student, editor and boyfriend. I am a string of characters. If someone knows the name of the email account I use to sign in and the password I chose to verify my identity, they might as well actually be me.
Sure, some sites require authentication through email to make big changes to payment or address information. But how many people can actually say they keep different passwords and account names for those systems?
Email verification does not do much good if would-be identity thieves have access to those accounts, too.
While it may be Sony and Gawker’s fault that my information was released, it was my own for trusting them. I disregarded the simple fact that any person or organization I give my information has the keys to my virtual kingdom.
So what can we do? Keep a different password for every site, forum and service we frequent?
It is certainly an option, but I don’t have the willpower or time to do so. And keeping all of my passwords on an easily lost note card or a spreadsheet just begging to vanish with a crashed hard drive does not particularly appeal, either.
Instead, I suggest users maintain a few tiers of security, based on the trust they place in that particular institution.
For instance, my Google and Amazon accounts are at the highest tier. They are both extremely web-savvy companies with enough security, encryption and backups to stop all but any attack. They share a password because if anyone compromises those accounts, I’m more or less done for, anyway.
Facebook, popular gaming service Steam and PlayStation Network occupy the next rung down, and miscellaneous forums or sites I do not care much about one way or another fill the last.
It is by no means a perfect system, and I encourage users to work out ones that fit their own desired balance of convenience and security.
But whatever you do, be aware of the power that rests in those two no-more-than-twenty-character phrases.
For all the Internet cares, you are your name and password. So at least make them tricky ones.