Part I in a series on personal online security. Parts II and III can be found here and here.
“Why You Should Change Your Amazon Password Now”
So says the headline of a recent Time magazine article. The word “now” sure makes for provocative news. The article begins, “Hackers said Friday that they leaked data associated with 13,000 accounts on Amazon, XBox Live and other sites.” The writer concludes, “[This] news should underscore how important it is to change your passwords frequently.”
But is this just alarmist rhetoric? Should we really worry about such a small number of victims?
Online retailers say we have nothing to fear. Not only was the number of victims small, the 13,000 were spread out amongst 14 different retailers, not just Amazon. Some might point to the much larger 2014 Home Depot hack as cause for concern (56 million credit card numbers stolen). But the online retailers say the Home Depot crime wasn’t actually a “hack,” per se. In that attack, credit card info was stolen from Home Depot’s self-checkout machines in physical stores, not from the company’s computer database.
In other words, according to the spin doctors, cyber security is sound. They might admit the 2013 hack of Target was large (40 million credit card numbers stolen), or that the Sony hack of 2011 came with high costs for the company. But Sony, Target, Home Depot, and any big company watching the fallout of their hacks, have cried, Never again! They’ve elevated their cyber security. They declare online retailing to be safe–or even safer than–shopping in a physical store.
That’s plain wrong.
In a recent segment of CBS 60 Minutes, cyber security expert Dave DeWalt says “97 percent–literally 97 percent of all companies–are getting breached.”
What a mind-blowing figure. And DeWalt should know. Target has hired his security firm, FireEye, to prevent future breaches. “Even the strongest banks in the world . . . can’t spend enough money or hire enough people to solve this problem,” he says.
Perhaps the real takeaway from the 60 Minutes piece was that “80 percent of security breaches involve weak passwords. One of the most common is: 123456.” In other words, 80 percent of the passwords now in the hands of criminals were absurdly weak to begin with. Or, rather, 80 percent of us are still using passwords the way we did in the 1990s: simplistic, easily remembered (aka, easily guessed by strangers).
DeWalt says, “The days when we our username and password is our son or daughter’s name, or our cat or our dog, is not enough security to thwart today’s hackers.”
So, don’t just “change your passwords now.” Make them stronger.
My next post: Password managers, or Doing Passwords Right