Monday, September 07, 2009

Media raises concerns about ordinary user password security

The Washington Post has an alarming, “un-gentle” story (front page, Labor Day, Monday Sept. 7) by Tom Jackman here, and Evan Haning has a similarly probing story on WTOP here about Internet password security. The visitor can search for the entities discussed in the stories and draw his or her own conclusions. I won’t make any accusations here.

Yes, people who have jealous ex “lovers” can become marks on the Web, and this sounds like a new dimension of danger, but it’s probably not new. Attorney John W. Dozier covered some of this material on his recent book on reputation that I reviewed on the books blog Aug. 27. I could say, leave some of this to a screenwriter’s imagination (especially for a Sony “Screen Gems” kind of movie), but it would be possible to set someone up and frame them on the Web just as in real life in 50s Hitchcock movies.

The basic rules of password security have remained the same. As far back as 2000, companies were checking employee’s passwords for “strength” (and were warning employees that they were responsible for misuse of their logons); and most sites today enforce strong pw’s and require more novel security questions with more unique answers. Change your pw’s frequently, especially if your computer is shared by others or if you have to travel a lot. If you are in a position to check your financial accounts frequently online, do so (accounts that are frequently visited are much less often compromised; if you cannot visit them frequently, pw security is even more critical). Most of all, be wary of the old phishing tricks. Reputable companies do not invite you to submit personal information by email (except when going to “reputable” third party sites for credit card payment). Be wary of “bad sites” (refer to a site advisory service like McAfee Site Advisor or Web of Trust). Use common sense. I guess one could say, don’t make enemies, or be aware if you think you have. Another tipoff for possible problems: if you repeatedly get calls (not just spammy emails, but actual calls) for “job offers” that sound inappropriate for your background, or that seem motivated by some kind of agenda. Also, practice wireless safety; it’s safer to pay and subscribe to a more secure national service (Verizon) than use free motel or restaurant wireless.

As for computer security, I don’t know if the jury is in that the Mac is necessarily “safer” than a properly protected modern Vista or Windows 7 (soon) PC. But it seems, in my experience, that Spysweeper provides more warnings than does McAfee about possible hazards. It’s a good idea to scan for spyware and sky cookies as well as conventional viruses.

MSN has some password tips (by Michael Scalisi from PC World) here.

No comments: