How secure are your digital assets? With the massive database compromises of sites like Gawker and its associated properties, both individuals and groups are finding that passwords aren’t enough. But what’s a realistic alternative or supplement?
Here’s one. Do you see this little gadget attached to my keychain?
It’s a World of Warcraft authenticator. It’s a little device that generates a number bound to my Warcraft account, and the number changes every 30 seconds or so. To log in to play, I sign in with a password and then type in the current number. It takes literally seconds to do, and it makes my Warcraft account much harder to break into, since you’d need both the physical device and my password to get in.
Now explain this to me: why is my video game, my leisure activity, more secure than everything else I use in my digital life? I swipe my credit card at stores and the bored minimum-wage clerk doesn’t even bother looking at the signature. I log into my bank account online with just a password. A while back I worked in a credit union data center where passwords for the system were mandatory – but they were only four digits, and if you compromised them you’d have access to literally billions of dollars.
The technology to add strong security – or stronger security, at any rate – isn’t especially difficult for users to work into their routine. That’s a baseless fear: millions of Warcraft players like me use a strong security system daily. Database disasters like the Gawker incident highlight just how fragile and easily broken the simple text password is, and they should be a wake-up call to us, the consumers, to demand more security from the institutions we deal with daily.
Want to get a jump on the institutions? Change your passwords now, and change them in such a way that no one password works for everything. At a bare minimum, add a distinguishing word for each group of services, so that your set of passwords is easy to remember but still differs from one major network to the next.
For example, if the password you want to use is CheeseBurgers!, then create CheeseBurgers!Banking as a password for financial services, CheeseBurgers!Social for networks like Facebook and Twitter, CheeseBurgers!Email for mail services, and so on. You’ll still mentally have “one” password, but it won’t work for everything. (The added length is also a minor increase in security, since longer passwords are harder to guess.) If another Gawker Media incident happens where millions of passwords and email addresses are stolen, perhaps only your CheeseBurgers!Blogging password will need to be changed.
Security is and will be only as strong as we demand of the companies we work with. Demand better of everyone and everything you work with!
Want to read more like this from Christopher Penn? Get updates here: