What happened to the Senior Editor from Wired was horrible. I do not wish anyone that same fate, but deep down, I am happy that it got massive amounts of attention. I keep saying that security breaches only hurts us at the worst time, but it also serves a valuable lesson.
I want you to read the story from Wired Magazine. I’ll wait here, while you do.
In real life, you lock your house or car door. You don’t park in nefarious areas, you avoid areas known for crime. If you don’t lock said doors, the first time, someone in your life gets robbed (or worse you), you start implementing more security. I wrote about this in the password post, but unless something bad happens, you don’t change your life. When someone on the internet gets hacked, you make up an excuse. When your friends Facebook gets hacked, you don’t blink an eye. You just quickly tell them to change their password. You just are happy it wasn’t you. Someone very famous just got hacked, wrote about it, in amazing detail, and people can associate themselves. This whole saga lasted less than an hour. One hour! In one hour, someone lost EVERYTHING digitally important to them.
So why am I happy? I am not happy that someone lost all their child’s baby pictures. (As an aside, google plus would have helped). I am not happy that this guy’s life has been turned upside down. I AM happy that people can empathize with him. I AM happy that it has caused drastic and immediate change. I AM happy that the people who need to facilitate this change are outspoken.
For something technical to happen, the techies need to embrace it. The same lazy techies who know what they should do, but don’t. Backing up, password management, and a sense of invincibility where all demonstrated here (or lack thereof). This story, since Friday, has spread to every social network, and has people talking about it. This isn’t your friend having his Xbox account hacked. This isn’t someone you can create an excuse for. This isn’t some multi-national corporation who had a security breach. This is a very smart person, who reports about the same issues, having his life turned around. This could very easily happen to you.
When something can happen to you, you start to pay attention. How can it NOT happen to you. Explain to me how you can’t empathize with this story. I’m starting to get asked if Google’s two factor authentication is easy to set up, (YES)! People generally will do something technical if they can be walked through it with enough documentation and someone nearby willing to help. For what it is worth, I will help anyone who wants to turn on 2 factor authentication.
This story was truly a perfect storm. So many things aligned perfectly, but in hindsight, this is the scenario of most people. Most people have one email prefix, generally one password, or at least one password for email type accounts (I have recommended this in the past). Most people have an iTunes, Amazon, and Google account, all with the same credit card.
Amazon and Apple both changed their policies less than 24 hours later. Two major companies to change security less than 24 hours later means an executive order was issued. Tim Cook and Jeff Bezos picked up the phone, and did something. An order that will surely annoy people when they are actually locked out of their account. So while the address & last 4 digits of the credit card are generally enough, the perfect storm in the story, shows that even good enough, is not good enough.
If major internet companies changed their policies in less than 24 hours, maybe the individual can ask him/herself how to improve their own security. Security is hugely inconvenient, and I understand that. I’ve already showed you one way to minimize the inconvenience. Having different passwords would have probably stopped the attack.