
If you're a member of Sony's PlayStation Network, you'll probably already know it's been down for a while. The reason? Hackers compromised the network, and ran off with the personal details of 77 million Sony customers. The company has not ruled out that this may include credit card numbers and passwords.
Ivo Vegter, ITWeb contributor
Now isn't the time for complacency. Get cracking. (Sorry.)
If you're an investor, today would be a good day to learn about short selling. Sony's share price is still hanging in there, but this is a golden opportunity to take advantage of its misery.
More practically (and less cruelly), today would be a good day to review your security habits.
Check your bank statements. Any strange transactions can be an indicator that fraudsters have either obtained your credit card number, your banking login details, or have impersonated you well enough to fool your bank. If you're not at fault, you won't be held liable for fraudulent transactions. However, do take prompt action, or things could get very ugly very quickly.
If you fear your credit card number or an important password has been compromised, take some time to contact Experian, TransUnion and XDS. They're the main credit bureaux in South Africa. They will, upon proper identification, supply you with a copy of your credit record. Once a year, they'll do this for free. Otherwise, they'll charge you a small paperwork fee, usually in the region of R35. Besides listing defaults, judgments, accounts or loans you may not have been aware of, this record includes a list of enquiries made by banks, telcos, letting agents and other companies with an interest in whether you pay your accounts. Check those queries. If some of them do not make sense, be suspicious and follow them up.
It's good practice to do this anyway once a year, because despite our well-intended laws, the organisations that bill consumers, like clothing stores, municipalities and mobile operators, often spring nasty surprises on unsuspecting customers.
Once you're comfortable that your important information is safe, it's time to turn to password security.
Passwords are the bane of online existence. Too many, and you'll forget them. Too few, and you'll be giving every e-Tom, iDick and @Harry a t-shirt to sell your banking or e-mail password.
For transactional services, you should always use unique passwords. At no time should your banking, Amazon, eBay, PayPal, or indeed paid Sony PlayStation account use the same password. E-mail, as a primary channel for password recovery and identity verification, should likewise use a password that you don't use anywhere else.
For less critical accounts, where money isn't involved, you can use less secure passwords, and re-use them. If you always sign up as BlitheBob/bl1th3b0b, for example, having that password guessed or stolen will just compromise a bunch of game or news site registrations. At least your money is safe.
For dodgy sites, like cracked software or pornography, always expect a dodgy character on the other end. Stands to reason, doesn't it? It's not for me to moralise about where your online travels take you, but if you're going to do business on the shady side of the Internet, never use your regular passwords.
Of course, there is a way to ease all this. The simplest is to use the kind of password manager that is built in to many browsers. Firefox, for example, can store form data and passwords for you, though you need to remember to always set a master password, to prevent unwanted users, whether they're local snoops or remote hackers, from being able to click “show passwords”.
More sophisticated solutions are the way to go, however. Remember that criminals do want to hit you, even if you think you're a small fish, because your innocent small-fish identity is useful to them. However, also remember they tend to hit easy targets first. If you're not one of the easy targets, you'll be safe, even if your security isn't entirely perfect.
There are many platform-specific applications that can help. The 1Password tool works across Apple computer and mobile devices. RoboForm is great for Windows, though the full version costs money. Cross-platform alternatives which will work on any operating system include the KeePass (or KeePassX) standalone application, and my personal favourite, LastPass, which works as a browser extension or, if you buy the premium version, on your mobile devices too.
The most important usability questions when you select a password manager are whether it works on all your devices, no matter where you are; how to recover the master password, which you're guaranteed to forget the day after choosing it; and how hard it is to recover your passwords if your computer gets stolen. This last question is double-edged. On one hand, you want stored passwords to be securely encrypted so hackers can't get at them; on the other, you want access to your accounts without having to guess the password.
One of the useful features of a password manager is the ability to generate strong, unique passwords. While you may not remember them, the software will, and most methods of password hacking won't break them in a million years. Even if they get stolen from a lax outfit like Sony, Microsoft or eBay, which you can't prevent, and they clearly can't prevent either, such a password won't work anywhere else. There's nothing quite so bad for the nerves as the realisation that a hacked password also happens to be your banking password.
Once you've got everything managed by LastPass, or whichever manager better serves your needs, make exceptions for two passwords, which even LastPass shouldn't know. After all, it could get hacked too, in principle. Your banking password should remain unique and complicated. Use letters, numbers, and if permitted, symbols. Don't base it on something that's easy to guess if someone Googles your biography, and make it long. Most password managers can't auto-login to banking sites anyway. Then, also exclude your primary e-mail account. This is the place where you reset passwords, and receive PIN codes from your bank if your cellphone doesn't work. You don't want this to be compromised.
Once you've done this, you'll have only three passwords to remember, and none that are easy to guess, easily crackable, or usable elsewhere if stolen.
If this disaster for Sony prompts you to lock down your online passwords and review your security habits, you'll have something to thank them for.
And then short the blazes out of them.