Beauty queen turned vice-presidenial nominee Sarah Palin had her Yahoo! e-mail account broken into last week. (Who uses Yahoo! e-mail?) It was a heinous crime, right up there with the Lindburg baby, and one that exposed her horribly boring personal life to the world. It was a political non-event: no saucy tidbits, no porno site passwords, no that-moose-deserved-its. But the likes of Fox News and Drudge used the opportunity to scare the pants off normal folks: “hackers!” “evil!” “danger!” And so on.
As a well-known security expert, I’m more than happy to offer a few tips and tricks to help prevent you from ending up like Palin over there.
Basically, keep your wits about you. Palin’s account was hacked, I think, because the dumb kid who hacked it—you just know it’s some dopey kid trying to impress his equally dopey friends—was able to use Yahoo’s “forgot your password?” feature. Here, Yahoo! asks you for something like your first pet’s name, your mother’s maiden name, etc. in order to retrieve your password. Now, the odds of a complete stranger guessing your e-mail account name and the corresponding password is pretty low. But, who’s to say That Jerk at the office, or perhaps your vindictive ex-wife’s hired gun, doesn’t already know your account name, needing only the password to get in? That’s the type of person you need to be on the lookout for.
Keep your wits about you? Don’t use the same password for all of your online accounts. I know you do—I do, too, but I usually use one of four different passwords per account—but you really shouldn’t. I’m not suggesting you use a random number generator for every forum or e-mail account you have, but at least keep a rolodex of a few different passwords handy.
Keep your wits about you? Don’t take those “forgot your password?” features seriously; answer them with nonsense. Back in 2000, one of my forum passwords was guessed, à la Palin, because someone deduced the answer to the question, “Who’s your favorite wrestler?” (It was a WWF message board.) The answer, Triple H, was easy to figure out, especially since my signature was something like, “Triple H rules!” The evildoer then proceeded to change my password and ruin my good name. It was a lesson learned, though, as I’ve never since taken one of those “forgot your password?” features seriously. Just remember your password. There are harder things in life.
Keep your wits about you? Try to limit the time you spend on public Internet connections. If I’ve said it once I’ve said it 1,000 times, all it takes is one script kiddy armed with a packet sniffer (like ettercap, which is the Swiss Army knife of network security tools) and all your data can be intercepted. This includes SSL-encrypted info, too, since programs like ettercap can completely defeat SSL. It goes without saying you don’t want to be doing any online banking at a Starbucks or at the airport, for example.
Keep your wits about you? I really cannot stress the importance of using common sense while online. What if some dude came up to you on the street claiming to be the wallet inspector? Would you give him your wallet? I should hope not. Be vigilant, use your better judgment and don’t claim to be against bridges to nowhere when the record shows that you were very much in favor of it.