The PlayStation Network hack highlights the danger of using just one password for your entire digital life.
As security breaches go, it doesn’t get much bigger than the recent PlayStation Network (PSN) and Sony Online Entertainment attack that saw hackers get their hands on the details of more than 100 million customers around the world.
While not all of these people had handed over their credit card details to Sony, they’d all handed over plenty of other information such as name, address, phone number, email address, date of birth and password.
Whether you’re a PlayStation owner or not, there are two key lessons to be learnt from the PSN hack. Firstly, don’t use the same password for all your online services. Secondly, don’t be afraid to lie when services ask for more information than they really need.
Using the one password for everything is just asking for trouble. It only takes one service to get hacked and your password is out there.
Once the bad guys have your PSN password, for example, they’ll probably try using that password to get into your Facebook, Twitter and email accounts and perhaps even your online banking. The more sensitive a service is, the more important it is that you use a strong and unique password. Unfortunately, a 2009 leak of 10,000 Hotmail passwords showed the most common password was 123456, followed by 123456789.
A strong password must be at least eight characters long and avoid dictionary words. It should contain a mix of upper and lower case letters along with symbols. The best passwords look like gibberish but are easy to remember.
One trick is to use the first letter of each word in a phrase or rhyme — for example, the first two lines of Humpty Dumpty become “hdsoawhdhagf”. Make some of the letters upper case, drop in a few symbols and you’ve got the foundations for a secure password.
When creating a wide range of passwords you might want to start with a strong base password such as HdSoAw*70. Now you can generate unique passwords for different services, such as gHdSoAw*70m for Gmail and fHdSoAw*70a for Facebook. Make sure your pattern isn’t so simple that if someone discovers one password they can easily guess the others.
Weak passwords are a security threat but so is giving services more information than they really need. Identity thieves can start with even the most inconsequential data and steadily build up a detailed picture of you. Does Facebook really need your home address? Does the PSN really need your phone number? Sometimes it’s best to live at 123 Fake Street, with the phone number 1234 5678 and to be born on January 1, 1900.
It’s worth sitting down occasionally to look for weak links in your security precautions. Which services are the most sensitive? Which are the least secure? Which passwords are weakest? Which passwords may have been compromised and what are the possible consequences?
A regular security audit could stop your digital identity falling into the wrong hands.
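An added example, not part of the original article: a small Python audit that checks a password list against the rules above (length, mixed case, symbols), flags exact reuse, and flags passwords built on one shared base. The six-character threshold and the sample accounts are assumptions, and dictionary-word checking is left out.

```python
from difflib import SequenceMatcher
from itertools import combinations
import string

MIN_LENGTH = 8        # the article's minimum length
SHARED_BASE_MIN = 6   # assumption: a common run this long counts as a shared base


def strength_issues(password):
    """Check the article's rules; dictionary-word checking is not covered here."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        issues.append("no mix of upper and lower case")
    if not any(c in string.punctuation for c in password):
        issues.append("no symbol")
    return issues


def shared_base(a, b):
    """Return the longest run of characters that both passwords contain."""
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]


def audit(accounts):
    """Return (services, problem) findings for a {service: password} mapping."""
    findings = []
    for service, password in accounts.items():
        for issue in strength_issues(password):
            findings.append(((service,), issue))
    for (s1, p1), (s2, p2) in combinations(accounts.items(), 2):
        base = shared_base(p1, p2)
        if p1 == p2:
            findings.append(((s1, s2), "same password reused"))
        elif len(base) >= SHARED_BASE_MIN:
            # Report only the length so the audit output never echoes a password.
            findings.append(((s1, s2), f"shared base of {len(base)} characters"))
    return findings


# Constructed sample: the article's own example passwords plus a reused weak one.
SAMPLE = {"gmail": "gHdSoAw*70m", "facebook": "fHdSoAw*70a",
          "psn": "123456", "forum": "123456"}


if __name__ == "__main__":
    for services, problem in audit(SAMPLE):
        print(", ".join(services), "->", problem)
```

The two example passwords pass every individual strength rule yet share nine of their eleven characters, which is the "pattern too simple" case the article warns about.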