This is the first (of many hopefully!) blog contributions from our Library and Learning Technology Service extended family tree in Grwp Llandrillo Menai. This week Dan, based at Rhos site, wants to tell you a story ….are you sitting comfortably? Now let’s begin…..
Password security is something that I take very seriously. All of my passwords are undecipherable gibberish and at least 20 characters long, and I don’t use the same password for any two services. Some of you may think I go too far, that I’m paranoid and I’m tempted to agree. It wasn’t always like this though. I’ve been happily reliant on the same 4 (admittedly quite strong) passwords since I first got to log on to a computer. That all changed in April of 2011.
I’d finished work, met up with some friends and we’d headed back to mine to have a quick gaming session before heading to the pub. I got home, switched on the PS3 and started signing in to my account. After an unusually long wait I was shown this message –
Odd. Never mind though, a few offline games and off out we went. Next day I tried again, only to be met with the same message. Now I was a little concerned and I turned to the Internet for help. Very quickly I found out that it wasn’t just me. Sony’s entire online network seemed to be down and they were keeping incredibly quiet as to why. The days turned to weeks and the network stayed down. As more and more details were revealed the extent of the problem came to light and it horrified me.
Sony announced that the personal data of every single one of its 77 million users had been stolen in a huge breach. The hackers had my name, location, email address, gaming preferences and worst of all, my PlayStation username and password; one of the four passwords I ran my entire online life with.
The scariest part of this entire breach was the lack of security surrounding the storage of these passwords. Once the simple encryption was broken, the hackers had a list of usernames and passwords stored as simple readable text. That’s when I started looking at passwords differently. Before the entire Sony fiasco I was confident with my four strong passwords. Nobody could guess them so my accounts were safe. After this I realised that I could be using the strongest password known to man and it wouldn’t matter at all if these sites got breached. If a technology giant like Sony were storing my password in a text file behind a simple, easily breakable encryption, why do I trust that the hundreds of other services I use are storing it more securely?
These kinds of breaches are not unique to Sony. They received huge amounts of publicity due to the scale of the whole incident, but big companies are constantly being breached and a lot of it goes unreported – 96,000 Spotify usernames and passwords were posted online on the 20th March; Living Social announced a breach affecting 50 Million Users in April and back in February, quarter of a million Twitter User’s details appeared online. It’s happening all of the time and, unless you are actively looking for it, you may not even know that you’ve been compromised. That’s why sites such as www.shouldichangemypassword.com exist.
This is the reason I now take an active interest in my password security. I am glad to say that nothing happened to my account after the Sony incident. My bank details were swiftly removed and my passwords changed everywhere. Now I try to keep on top of the latest advances in password security and while I don’t consider myself to be a technical whizz, I think I read enough on the subject to offer some sound advice as to how to create some strong and unique passwords to make sure that they are safe from all but the most resourceful of hacks.
This is why I have created the following Password Mastery hand out. Creating strong passwords ensures that they will be difficult to break. Creating unique passwords ensures that should one website get hacked into, you can at least be reassured that the rest of your online life is safe. Most people only start worrying about the security of their passwords when it’s already too late. Be proactive and ensure it doesn’t happen to you.