A few weeks ago the entire tech world was up in arms over an unfortunate breach of digital security for Wired blogger Mat Honan.
An explanation directly from Honan himself: “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”
This and the recent hacking of Yahoo passwords got me thinking about how many people have brought old-school security techniques to a brand-new tech party, where the scope and magnitude of our computing habits have a much tighter link to our real lives. So I did some research about the best ways to secure your personal data. It is also very pertinent to the work we do at Contemporary Analysis.
There’s little you can do about a service you use getting compromised, but there are things you can do to minimize the risk of people taking over your accounts or stealing your personal data if it does happen.
(That is all. Thanks, XKCD.)
Most people aren’t good at remembering their passwords, so many services give the option to have a password reset sent to your email address on file. Knowing this, if your email password is breached, it isn’t hard for someone to start requesting resets for the other accounts tied to that email address, giving them complete access to the entirety of your digital life. Your email should have your strongest password - and it should be the only account that uses that password.
It’s a fool’s game to keep one password for every single service you use, as tempting as it may be. There is a little trick I use to have a theoretically infinite number of passwords that are all just as easy to remember. Using the XKCD method of password generation, I like to break a password into three parts.
- The name of the service being used (the first letter being capitalized)
- Your own “phrase” (à la XKCD)
- A small random set of numbers and one special character (!,@,#,$, etc)
Keep the last two parts (your phrase and the numbers-plus-symbol suffix) the same and change the first part for each new service.
This is useful for a few reasons.
- Most websites have requirements for a certain length (but rarely do they limit length).
- Most require use of letters, numbers, a capital letter, and maybe one special character. If they don’t require it, it’s often the case they won’t reject it.
- Using this, you have a password that’s acceptable all of the time and that you’ll remember more easily because it’s completely standardized.
- By using the individual name of a service as your major differentiator in the password, it becomes a lot more difficult for a random generator script to guess all of your passwords even if it can get the second half. Individuals may be able to see the pattern, however, and if you're worried about that, just change it to the first half of the word instead of the entire one (face instead of facebook).
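The three-part scheme above as a short Python sketch, added here as an illustration and not taken from the original post: it builds the password for a service, checks it against the typical requirements just listed, and measures how much of each password is the reused part. The phrase, the suffix, the special-character set and the 8-character minimum are constructed sample values and assumptions.

```python
import os

SPECIALS = set("!@#$%^&*")      # assumed set of accepted special characters
PHRASE = "purplekettlewindow"   # constructed sample phrase (part 2)
SUFFIX = "4827!"                # constructed digits + one special character (part 3)

def service_prefix(service, half=False):
    """Part 1: the service name, first letter capitalized; optionally only its first half."""
    name = service.strip().lower()
    if half:
        name = name[: (len(name) + 1) // 2]
    return name[:1].upper() + name[1:]

def build_password(service, phrase=PHRASE, suffix=SUFFIX, half=False):
    """Join the three parts in the order the list above gives them."""
    return service_prefix(service, half) + phrase + suffix

def policy_gaps(password, min_length=8):
    """Return which of the common site requirements the password misses."""
    checks = [
        ("length", len(password) >= min_length),   # min_length=8 is an assumed policy
        ("lowercase", any(c.islower() for c in password)),
        ("capital", any(c.isupper() for c in password)),
        ("digit", any(c.isdigit() for c in password)),
        ("special", any(c in SPECIALS for c in password)),
    ]
    return [name for name, ok in checks if not ok]

def shared_fraction(passwords):
    """Share of the shortest password that is the ending common to all of them."""
    common = os.path.commonprefix([p[::-1] for p in passwords])
    return len(common) / min(len(p) for p in passwords)

if __name__ == "__main__":
    services = ["facebook", "twitter", "yahoo"]
    passwords = [build_password(s) for s in services]
    for s, p in zip(services, passwords):
        print(f"{s:10} {len(p):2} chars  missing requirements: {policy_gaps(p) or 'none'}")
    print(f"reused across all accounts: {shared_fraction(passwords):.0%} of the shortest password")
    print("first-half variant for facebook starts with:", service_prefix("facebook", half=True))
```

The last figure is the portion that stays identical from service to service, so it is the part to lengthen or vary if the visible pattern worries you.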
I hope you enjoyed this post on the best ways to secure your personal data. We take data security very seriously at CAN, hosting our clients’ data on PCI, HIPAA, and SSAE-16 compliant servers with redundant backups of our most important data. Learn more about our security.