Monday, May 02, 2011

Protecting Your Digital Data

Steve Branigan - a member of my advisory committee, an adjunct professor in my program, and a security expert - gives his take and personal experience with the recent attack on the Sony PlayStation Network. A critical point he makes: do not use the same username and password on all of your social networking sites. If any one of these accounts is compromised, all of your accounts are compromised.

how safe is your digital data? « Trends in high tech security:
The recent hack of the Sony network has exposed user information on approximately 77 million accounts. The attack, according to an article in The Telegraph, has potentially exposed passwords and credit card numbers. If this is true, this is “not good”, since it would imply that the passwords and the credit card numbers were not encrypted when they were stored in Sony’s network.

I registered for the Sony network, so apparently my credentials were among the ones stolen during this attack. At the end of this posting is the email message that I received from Sony about the incident. (I have removed some information that is not important for this posting.) The posting recommends changing the account password once the Sony network has been reactivated.

The Sony network required an email address and a password for a user to log into their network. An email address along with a password is used for authentication to other networks, such as LinkedIn or Facebook. Thus, it is possible that some of the accounts compromised in the Sony network attack can be used to hijack non-Sony accounts. The below email message from Sony would be better if it recommended that users change all accounts using the same email address and/or the same password used in the Sony network.

What can users do? When registering for networks such as Sony’s, Amazon’s or others, be sure the email address and password used for authentication on one site are not used for authentication on other sites. This means that a user needs to ensure that the userid/password used to log into Facebook is not the same as the userid/password used to log into the Sony network. This will limit the potential risk if one network is compromised. For example, my Amazon ID is not at risk from this attack since I use different account information for the Amazon and Sony networks.


annb said...

Good advice. What are your suggestions for keeping up with all the different passwords? I use 1Password ... anything else I should consider?

Unknown said...

Hi Ann, I also use 1Password to manage my passwords. Any reputable password manager should be fine, although I think a modern password manager should support (1) mobile devices and (2) web-based access.

