Data Security Reminder: Strong Passwords are Your Best Line of Defense
June 10, 2011 at 3:26 pm Mary Ludloff
By Mary Ludloff
Yes, I am still working on my second post about the McKinsey Report which focuses on the U.S. health care system and what we can do to “analytically” fix it but I am also, as always, keeping an eye out for interesting news items to pass along. In particular, a WSJ blog post about data security (yours and mine) caught my eye because it reminded me of the importance of passwords.
As you may remember, a while back the WJS “broke” a story that smartphone apps are hijacking our personal information. Well, according to the WSJ, this is still the case:
“Computer security firm viaForensics has found the applications for top Internet companies LinkedIn Corp., Netflix, Inc., Foursquare and Square, Inc. stored various forms of users’ personal data in plain text on a mobile device, putting sensitive information at risk to computer criminals… The Android applications of LinkedIn, Netflix and Foursquare stored user names and passwords in unencrypted form on their Google-powered devices. Storing that data in plain text violates a commonly accepted best practice in computer security. Since many people tend to use the same usernames and passwords across any number of sites, the failing could help hackers penetrate other accounts… ViaForensics also found the iPhone version of Square’s mobile payments app exposed a user’s transaction amount history and the most recent digital signature of a person who signed an electronic receipt on the app.”
Now, I have blogged about data security a lot—just like you, I am concerned about keeping my personal information private (and yes, it sometimes feels like I am waging a battle where the other side is winning). The best way to do that is through your passwords:
- They should be strong.
- You should have a different password for each account.
- They should be securely stored.
For more information, go to my blog post on cleaning up your passwords.
As far as our smartphones go, don’t forget that this handy-dandy device should be treated just like your laptop or desktop computer as it is a gateway to accessing your personal information. At the very least, you should do the following:
- Password-protect it and make sure that it automatically locks if you have not used it for a few minutes.
- Make sure that any application you use on it does not store login information or allow for automatic logins.
- DO NOT store login or password information in your contacts or texts.
For more information, go to my post on data security and your mobile phone.
My final words on this one: we need to remain vigilant about the possible ways our data can be breached (which is always a possibility even with the best security policies in place and operational). By employing some simple (albeit time consuming) rules, we can mitigate those risks so that a breach at one site does not cause a domino effect with other sites. So clean up your passwords and make sure that your smartphone is secure!
Entry filed under: Data, Uncategorized. Tags: data privacy, data security, Foursquare, LinkedIn, Netflix, password protection, Smartphone, Square.