Bill Moyers interviews Julia Angwin about her book,
Dragnet Nation: A Quest for Privacy, Security and Freedom in a World of Relentless Surveillance. Angwin, less for personal reasons than for protection of her sources as a journalist, made an attempt to, so to speak, drop out of her exposure to the constant government and private sector data mining to which every American (yes, overwhelmingly, such exposure is an American phenomenon, because other major democracies offer their citizens legal protection) is subjected.
The short version of her conclusion of how you can come closest to dodging the data miners (acknowledging there is no way to avoid them altogether):
CHANGE YOUR PASSWORDS, frequently and relentlessly, and I might add, not according to any system or fixed schedule. I know exactly one person among my friends IRL and OL who actually does this with real commitment, and I suspect s/he comes as close as any living American to being beyond the reach of the data miners. I am not that person. My commitment varies with what I perceive is my actual liability if I am hacked; that's the basis on which I decide how often to change any given password. And I am committed to choosing good passwords in the first place. But I am certain I am in hundreds if not thousands of commercial databases, if for no other reason than that a disabled person can't afford not to avail him- or herself of the sheer physical convenience of, say, shopping on Amazon. It's a trade-off I make, somewhat reluctantly but premeditatedly. Be sure you make similar decisions about your own exposure. The realities of both law and connectivity are against you, but you may as well minimize your liability as best you can.
I have a hard time understanding this. Passwords can be hacked, right? Why would changing them constantly avoid the hacking? Does it interrupt the process of trying to figure out the password? How would the hacker know? Why does a password that has been used for some time be more susceptible to cracking than one that has just been invented? As you see, I am clueless....
ReplyDeleteellroon, you're mistakenly assuming that you will know immediately when you've been hacked. You may, or you may not. If someone cracks your password, they may start using it immediately to buy stuff on your account, or if, Dog forbid, it's your bank account, they may just use the password to take an occasional peek at your funds, waiting until right after a big deposit. If you change your password every month, you limit your liability to a month's worth of funds.
DeleteThe other thing is that most people pick TERRIBLE passwords. "123456", "22222" and their siblings are just asking to be hacked... it's like having no password at all. The usual advice is as follows: use both alpha and numeric characters; use both upper and lowercase alpha characters; if punctuations are allowed, use those, too, in your password; do not use whole words or names intact as your password. Ever heard of a "dictionary hack"? In some cases, some systems will allow an unlimited number of login attempts, and if you've used an ordinary English word as-is, all the malevolent code has to do is try every word in the dictionary.
Changing passwords frequently allows you to employ more sophisticated passwords, and it stops 'em dead if you've already unknowingly been hacked. Passwords can be hacked if you insist on being predictable and then use your predictable password forever. It's also a good idea not to use the same password on a bunch of different accounts... if someone hacks one of 'em, they've got 'em all.
The choice, of course, is yours. My feeling: why give the crackers a gift?
Thanks. I will behave myself and change my passwords more often. So I take it the password 'password' hasn't been taken yet? :D
ReplyDeleteNo more often than "111111" ...
Delete