The only thing separating online scammers and my accounts was a six-letter word that you likely used this week in casual conversation. That’s as much detail as I care to drop without simply blurting it out. But that’s almost more information than an account hacker would need to get in. And then one did.
Nearly a year ago, someone was able to log into my personal account and request a transfer of funds. The transaction was only worth $100, luckily, (thanks to limits that I placed on the account for safety but never thought I’d have to use) but I didn’t discover the incident until nearly a day later, when I saw an e-mail alert from the e-commerce company account host that noted the $100 request would be held for three days.
As a technology writer and editor, I should’ve known better than to let a weak password stand sentry between the unethical sort who mean to e-rob me. Especially since I researched and wrote about the importance of “Safeguarding sensitive data” for law enforcement IT administrators (Officer.com/10233865) a couple years ago. To be fair, I had taken a step toward better protecting my information shortly before my money was just a mouse click away from a thief, but I’d failed to remember one site, the e-commerce site that was eventually compromised. That’s just how easy it is to lose grasp of how ubiquitous everyday life is tied to the web.
It might not be your online buying accounts. You might not shop at Amazon or Overstock.com, but there are a plethora of other ways your information is shared online that could be compromising your more sensitive online data, like your e-mail or work system passwords. Data breach security doesn’t mean just personal accounts. As outlined in the “Safeguarding” article written two years prior to big cuts, the margin for error in data security, including password integrity, is zip to none. I dare not calculate that margin using today’s limited assets.
The account that was hacked was not on any backdoor shenanigan-type site. I wasn’t doing anything particularly original (or risky) on this e-commerce site; in fact, I am joined by millions of people who use the same company regularly for legitimate business. It’s a valid company that I’ve been using for years. I was shocked.
After some time on the phone with a company rep, I learned this type of incident is routine. I changed the password on the site to block the hacker out and simply sent the funds back to my main account without a fee or penalty.
But consider this: I’d beefed up my passwords only a few weeks prior to the hack. I’d been inspired by a friend in the info-tech industry to amp up my password security. I’d overheard him walking a colleague through a password-protected security hub when he rattled off a 12-plus character password using letters, numbers and special characters with such ease that it sounded as if he was making it up as he went. Just a couple weeks prior, I’d also come across a cheeky post on a tech site, Lifehacker.com, on how easy it is to track down one’s passwords. That was eye-opening. I’d committed a few of the password sins mocked in that article, so I thought it time to bolster security and give myself peace of mind. My tech friend explained his alpha-numeric password system is a way to strengthen a password with letters and other characters, but works as a mnemonic device to help you remember them, and I went about securing my various passwords including e-mails, Facebook, Twitter, business accounts, etc.
So here I am, a technology editor and writer, flustered by how easy it was for a stranger’s mouse to click on my dollar signs. And I was already paranoid about the possibility of it happening. Do yourself a solid and keep your protected info behind the gate, both personal and agency-related.
A six-letter word almost cost me a fast $100—and who knows what else without the sundry safeguards in place elsewhere.