Protect yourself from security failures

While it might not be on mainstream news, internet nerds like myself have been hearing about security breaches pretty often lately.

Online sites, large and small, are getting their password databases stolen. It's likely been happinging since the dawn of the internet, but with larger and larger sites, there's larger and larger password databases around, and those are juicy targets.

Usually, I'd write this off as a case of Schadenfreude and laughing at the big company that can't get basic security practices right. Some of them are doing most things right, though, and with advances in computer hardware, the cyber-criminals are always catching up. Unfortunately, the failures of these companies present a real threat to you and me.

Oh god, are we all about to die?

Don't worry too much. The sky isn't falling. Hackers aren't about to take control and destroy the world. You might have your e-mail stolen though. Or loose your Facebook account. You can do a couple things to make your accounts more trouble than they're worth though.

Protect your e-mail account

First, you want to protect your email account. All of your online accounts (Facebook, Twitter,, etc) probably all have your e-mail attached. If someone gets control of your e-mail account, they can go to Facebook, click on I forgot my password, and now they've got control of your Facebook account. So since your e-mail account is the "master key", it's important.

Choose a password for your e-mail account, and only use it for that. Don't use it anywhere else. Use some other crappy password for your other accounts if you want, as long as it's different from the email one. This means you're safe in the following scenario:

  • has a security breach
  • Your account, ChickenPorkFriedSteak was one of the accounts leaked. Everyone now knows you use ilovefood as your password
  • Some jerks try to log into your account with ilovefood, but YOU ARE PROTECTED because you used a different password for GMail

"But I still got my Facebook account stolen!"

Well, you can use another different password for that as well. And if you really care about your Twitter account, use a third password for it. If you really want to get into it, you should use a new password for every site, or atleast every site you care about. If you do this, one leak won't affect any of your other accounts. Good luck remembering all that though, so you'll probably end up writing them down. If you're going to write down, what I do is:

  • Download KeePass
  • Install Dropbox
  • Create a password database on your Dropbox
  • When you create the password database, choose a password you don't use anywhere else

This seems like too much work...

It probably is, so if you want, go with the bare minimum:

  • Choose password #1, and only use it for your banking websites
  • Choose password #2, and only use it for email
  • Choose password #3, and use it for most of the rest of your crap

With this, if a site using password #3 gets compromised, you might loose access to all the other sites using password #3. Your email and banking would still be safe though. This kind of "security zone" approach is a nice middle ground between one password everywhere (insecure, but no work), and every site having it's own password (very secure, but lots of work).