With the password breach at LinkedIn and now with the current Wired article on the guy who had his accounts compromised and systems erased, I’m on a quest to write up my process for cleaning up my presence on the ‘net.
I do practice safe password security using a backed up password locker. I have multiple tiers of passwords with unique passwords on accounts that have access to any of my funds, either credit cards or other financial details. Second tier are accounts where personal information is stored. Third tier are things like forums. Fourth tier are the throwaway accounts where some site or another has asked that I create an account for access to their content.
For each of those accounts (with a few exceptions on mainly tier 4 accounts), I have a unique e-mail address as well. This is done because I have a mail server that I run so I can create unique accounts without a problem.
With our recent separation, I’m also reviewing those tier 1 and 2 accounts and removing or updated the information where appropriate. Since I had to get a new credit card in my name, I’ve removed all the other credit card details and left just the one current one in place. But with the Wired article, I’m going to be removing credit card numbers from every site I can.
The problem with that is that there are some sites, like Barnes and Noble, that require current credit cards in order to download your electronic books. I found this out when the card I used at the time had expired and I tried to download books to my iPad. Very annoying.
I’m already doing other things like backing up my systems. All of the non-primary systems are backed up to the main system which is then backed off to an external drive that is generally off (the system won’t boot when the external drive is powered on).
One other thing to think about. Many places use a series of questions asking things that you likely only know. However think about what you’re putting into those answers and whether someone could figure it out. Your mother’s maiden name? How hard would that be? Where you went to high school? Same thing. Heck, even favorite or first pet name wouldn’t be difficult to discover nowadays with folks yakking on social media sites. Especially when someone sends out one of those silly polls with, “what was your first pet?” You’ll likely respond with “Charlie the cat, he was the greatest” where upon you’ve given one of your pass phrase answers out.
The way to correct that? Give a false answer, something that’s not true. Of course you’ll need to record that answer along with your password in some sort of password keeper otherwise you’ll never be able to get in to the site.