If you’ve been watching the news, this has been a bad year for internet security. In October 2013, hackers broke into Oracle’s security systems and getting information from 152 million accounts. In May of 2014, eBay revealed that the private information of 142 million accounts had been compromised. Adobe had a data breach last year that exposed the info for 38 million users (and the hackers got 3 million credit cards).
You can see the 100 most popular Adobe passwords here. The most popular password, used almost 2 million times? 123456. Second most popular password? 123456789 was used by almost a half a million people.
The reason why this is such bad news is that password crackers can use this huge data set to analyze patterns. It use to be that password crackers were pretty dumb, going:
and so on, until they found their match. This was hugely inefficient, so they got smarter and started searching dictionary words first. By studying these stolen password lists, they can now crack password that you would think are secure, like ‘momof3g8kids’. Ars Technica has a very good article about these new trends.
When you hear about news like this, it’s easy to throw up your hands and say ‘screw it, this will never happen to me’. To a degree, you’re right. The odds of your identity being chosen out of over 100 million accounts is very slim. However, it only takes one bad roll of the dice to make your life a nightmare. A few years ago a story was going around about what happened to Mat Honan. His story is worth a read.
So what can we do?
First, use better passwords. Here’s a great post describing what’s wrong with passwords and how to make better ones. Second, don’t reuse passwords. If you use the same password that you used for Adobe’s website, then all your internet logins would be compromised.
Now, I would assume that most VFX artists have a lot of internet accounts. By our nature, VFX artists are often tech enthusiasts. I have 57 different online accounts, ranging from my email, bank, online message boards, stores and social media accounts. There is no way I could remember 57 different passwords, especially if they had no dictionary words, no connection to my personal life, and had random numbers and symbols in them. It’s too much for me. This year I started using a password manager. I only really know a few of my passwords, the rest are all handled by my password manager that syncs to my home computer, iPad and iPhone. If you’re going to use a password manager, make sure it’s a good one, some of them have been found to be weak. I started using 1Password and have been happy with it.
Next, enable 2-factor authorization on every account you can. Google has a great video explaining what 2-factor authorization is.
Basically the idea is that you have to input your password, plus a number that the website will text message you. You don’t have to do this every time, just the first time you use a new computer. That way, even if a hacker has your password, if they try to log in on to your account on their computer, they won’t get the code that the website would send to your phone. Lifehacker has a good article on what web services support 2-factor authentication here. There’s an even more comprehensive list on this site.
Finally, you shouldn’t use public Wi-Fi without the use of a VPN. A VPN stands for ‘Virtual Private Network’. The Wikipedia definition reads “A virtual private network (VPN) extends a private network across a public network, such as the Internet”. A lot of Canadians use VPNs to mask their location on the internet so they access the American version of Netflix, Hulu and HBO Go. VPNs can also protect you when you use public Wi-Fi so that people can’t intercept your messages. If you Google ‘cookie hijacking public wifi’, you can find tutorials on how to intercept people’s Facebook sessions, it’s apparently not hard. There’s lots of VPNs you can use, when I was on my trip recently I used a service called Cloak when I connected to the hotel’s WiFi and it seemed to work fine.
Do you have any internet security tips? Have I missed anything important? Please leave a comment in the box below.