You see, like most data professionals, I have three levels of password security. Level one goes to my bank account password. It's long and complex and hard to guess. Level two goes to my e-mail accounts - they're shorter, but still don't spell anything, and should be hard to break. Level three goes to my shopping and utility accounts. I don't care so much if someone breaks in and gets to my electric bill.
When I first set up my iTunes account, three years ago when I got my iPhone, I set it up as a shopping account. Time went on, I got an iPad, iCloud arrived to back up my data to the cloud, and I wasn't thinking that part of the data backed up to the cloud was my e-mail contact list. I still had it on the simple password list.
Silly me.
I found out about the hack about ten minutes after it happened - my friends on the west coast were up and checking e-mails, and one of them texted me. I cussed a blue streak, got online, changed my password and started on damage control. I was puzzled by some of the bounced messages - they were sent to people who weren't on my personal e-mail account. So, I puzzled and puzzled some more (in the immortal words of Dr. Seuss). How did the hackers get the addresses? It wasn't until morning that I figured out the link to my iTunes account - it's the one place where my personal and work emails blend.
I felt a little better; my email account password hadn't been hacked after all. But really stupid. I should have thought about the security of the iTunes account when I set up the online backups. Fortunately for me, it was a hit-and-run hack. They sent out some stupid link to a magical weight-loss site. **sigh** I do wish these people would use their powers for good...
So, for those of you who are not data professionals, here are a couple of ways for you to avoid the trap I found myself in:
- For anything that involves money or your email accounts, the password should be 10-16 characters long, shouldn't spell anything, and should be used on one site only. A good way to come up with a secure password is to pick a phrase: The sun will come up tomorrow. Then, pick the first letter of each word: Tswcut. Add some numbers you'll remember. (The last four digits of a friend's phone number work well, for those of us old enough to remember when we had to remember phone numbers without the help of our phones.) And you have it: Tswcut6403 - a hard to hack but easy to remember password. (And yes, I have a list of websites and passwords written down somewhere. I figure it's really hard to hack my paper files...)
- I have a separate email account I use for shopping accounts. I figure since I use simpler passwords on those sites, this way if the accounts do get hacked, they don't get much - just links to places that send me shopping e-mails. I also don't allow the sites to save my credit card number - it's not THAT hard to type in each time, and I've heard of too many places getting broken into and those lists of card numbers stolen.
Thanks for turning your "grrrr" experience into a learning opportunity for us all!
ReplyDelete