Oh, by the way, your account was hacked – 3 months ago
On Thursday of this week we learned that eBay had been hacked and that nearly 150 million customers’ details had been compromised – including mine. So, yes, of course, on hearing the news about the eBay fiasco I immediately changed my password. It was the least I could do, literally.
The fact that I was changing my password about 3½ months after eBay had been hacked didn’t reassure me hugely. And the fact that quite a number of organisations, including some US states, are now looking into this matter confirms my uneasiness about the ethics of the eBay management.
(Incidentally, this is not an NLP article. Yes, I aim to always publish articles that have a clear NLP-angle, but sometimes, like now, I like to publish an article that has wider significance.)
Professionalism and customer care in action?
It seems that eBay management knew around 12-14 weeks ago that their customers’ security had been jeopardised. Yet they continued to allow their customers to use the site without safeguarding their customers’ security. And continued to allow new customers to join the site.
No doubt their PR people will eventually cobble together some sort of rationale for their inaction – so far it seems the best they can come up with is that they’ve seen no increase in fraudulent activity.
Scared listeners
eBay’s ineptitude is disturbing. Their respect for their customers is not apparent. However, this security fiasco has alerted me to a phenomenon I hadn’t realised was so widespread – the general lack of savvy about the basics of online security.
I listen to the radio a lot because I find TV too soporific. And this has been a hot topic on the radio since Thursday. One of our local stations seems to have mainly elderly people phoning in and many of the comments and worries about the eBay fiasco in particular, and about internet security in general, have ranged from hilarious to deeply disturbing.
One of the things which really shocked me was the number of people who seem to try to keep all their passwords either in their head or on a scrap of paper – or use a pet’s name for all of their accounts. Even though they may have dozens of sites to log in to.
I listen and I silently rant “have they never heard of Password Managers??!” Now obviously that’s a rhetorical question – because so many haven’t. (Yes, I could have called the station(s) and waited for ages before getting through but I’m in the middle of a house-move at the moment and that makes high demands on time and attention.)
Password Managers
I’ve been using password managers since the late 90’s – when I came across the (then) free and wonderfully user-friendly RoboForm. It’s still around although it’s been superseded by more effective and better designed Password Managers – many of which are also absolutely free.
A password manager is a programme or service which enables you to log in to an unlimited number of sites, each using different login details, with just one Master Password – which means you don’t have to memorise a lot of different passwords. Each time you go into a site that requires a password the Password Manager checks that you want it to enter the password and then automatically does this.
What’s more, most of the Password Manager programmes will also generate lengthy and highly secure passwords for you, which can include multiple digits, mixed case, and special characters such as !, &, @, ~ etc.
And, no, a Password Manager will not protect you from situations like the eBay one. But it does make it easier for you to take whatever steps possible to change your password. And the very long and very complex passwords which they will generate for you (and which would be near impossible to memorise) will deter all but the most determined hackers.
Which Password Manager?
There are some excellent reviews online – here are two:
www.pcpro.co.uk/features/380377/password-managers-are-they-safe-which-is-the-best/2