So, in case you didn’t know yet, Sony got hacked a couple of weeks ago.
And then they got hacked again last week.
Hackers successfully downloaded more than 70 million user accounts worldwide, 1 million in Canada alone.
Have you ever played a PlayStation 3 or PSP game online? Have you ever bought a movie or music from the PlayStation Store?
(Or has anyone else in your family?)
If you have, well, you should consider your personal information currently for sale on the black market.
That would probably include at least your email address, your password, your home address, and your credit card details.
Even if you haven’t been affected by Sony’s failure to protect its customers, take heed.
It could have been any online service.
It could have been Amazon or iTunes; heck, it even could have been Facebook.
Because if there’s one truth online, it’s this: hackers are constantly at work trying to break into every major network.
And, in all likelihood, they’ll crack another one soon.
So if you’ve shared your information with any website (and who hasn’t?), you’re at risk.
Why? What are these hackers after?
Well, money, of course.
In general, an active internet account will fetch about $10 on the black market.
However, it’s rumoured that because of the sheer volume of the recent Sony heist, that price has dropped closer to a dollar or two.
Once they purchase these accounts, a third party can mine them for more valuable data elsewhere.
Most people use the same password on every account, after all.
So even if your Sony account doesn’t hold any data of value, they can use the login credentials they find there to access other environments like Amazon, Facebook, iTunes, or even your bank account.
So how do you protect yourself?
There are two simple guidelines you should follow.
First, reduce your exposure.
You don’t need to sign up for every newsletter and social network you come across online.
In the environments you do choose to sign up for, be prudent with the information you share.
Even if the site isn’t hacked, it’s likely a third party will view your information at some point.
The second, and more important, practice almost sounds cliché: never use the same password twice.
Of course, as simple as both of these ideas sound, people clearly find them really hard to live by.
Signing up for anything, especially when it costs us nothing, makes us feel like we’re getting something.
In fact, the reverse is true.
We’re giving everything away.
We see a free newsletter, we give away our email address.
A free account on a social network site? Cool, here’s more personal information than even my best friend has.
Free gaming network? Even better. Take my credit card in case I ever have to buy some virtual battle axes.
We literally get nothing in return for handing over our most sensitive data.
Nothing, that is, but a heck of a lot of risk. And usually spam, to boot.
Then, when those environments get hacked, as Sony did, we get exposed to all sorts of pain and suffering.
So here’s a new word you should live by: withhold.
Don’t sign up for any more free anything online.
Skip it all.
Unless, of course, you’re absolutely certain that whatever you’re signing up for holds long-term value and utility for you.
More to the point, however, be fully confident in that site’s ability to protect itself from hackers.
Then there’s passwords.
Everyone knows this rule so well, but fails to follow it.
Or maybe “fails” isn’t the right word.
It’s more like can’t.
I mean, who has the brain capacity for 200 different passwords?
Isn’t that what computers are for?
Indeed they are. And there’s an application I use just for this purpose.
Ontario-based Agile Web Solutions offers an outstanding solution to this technical problem and it’s called, somewhat surprisingly, “1Password”.
1Password is a desktop and mobile app that stores passwords and other data in an encrypted database.
It syncs this data across multiple computing platforms including Mac, Windows, iPhone, and Android, and it makes it accessible to your web browser.
When you sign up for new websites, 1Password will generate a random, strong password for you to use as the login for that website.
When you come back to that website, 1Password will automatically enter the password and log you in.
So you can truly have 200 different passwords and never have to remember any of them.
Well, actually, you have to remember one password: the one that unlocks and decrypts 1Password’s database.
And it better be a good password, because if it falls into the wrong hands, then it’s open season on all those passwords that even you don’t know.
But at least that one password only exists in your head, and not on the 63 forgotten websites out there you randomly set up accounts with.
So, yeah, Sony screwed up and got hacked.
And, sure, you can join a class action lawsuit and give the electronics giant a bit of a slap on the wrist.
But that won’t get your data back.
It’s your responsibility to be safe online. Reduce your exposure to risk by withholding information, and responsibly manage your passwords.
Otherwise, the next time this happens it’ll probably be worse. And when you lose your data, you’ll only have yourself to blame.
Originally published in the Yukon News on Friday, May 6, 2011.