Kickstarter hacked, passwords exposed, so are we ever safe?

Over the weekend, account holders at the crowd-sourcing website Kickstarter may have received an alarming surprise: a notification that they should change their passwords because the service had been hacked. Credit card details hadn’t been stolen, but other information had, data which could be pieced together to let someone in.

And this has happened more and more over the past few years, with information taken from companies such as Sony, Adobe, Yahoo Mail, Snapchat, LinkedIn, Evernote, and countless others.

In fact, it seems there’s a hacked database every month, followed by an email from the affected company telling its customers to change their password.

So it raises the question: is any account online safe?

Kickstarting security

We’ve seen the emails before. Time and time again. They come into our home email, and our work email, and any place we’ve had an account, and the text is basically a strong recommendation that you change your password.

Now. You should do it now, it says. Change the password now to reduce risk.

Recently, we saw it from Kickstarter, the place that helped this writer fund the Pebble Smartwatch, a microscopic lens for smartphones, and a new blogging platform.

For those who don’t know, this is a place where we get to see ideas from people who want to create things, magazines, books, games, movies, and products that will make an impact on the world and on society. You get behind it, plonk down some money, and eventually receive a gift, a pat on the back, or an early version of the product at a less-than-retail price.

But this weekend, that place was invaded, breached by someone who wanted access to the accounts of the souls who found it worthwhile supporting others, taking what Kickstarter said includes “usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.”

That last one isn’t as concerning as an unencrypted password, but with enough computing power, something encrypted can very easily become unencrypted, and voilà, your password and email address become a login that lets someone do something malicious.

It’s especially troubling when you consider that many people keep the same passwords across their accounts, making it likely that they then have to change passwords across every single one.

There’s a huge hassle in this, highlighted by the simple notion that you have to remember precisely where you kept the account with said password.

“There is no easy way to change passwords on many sites at once,” said AVG’s Michael McKinnon, who added that consumers have been getting into the good habit of making better passwords.

“A lot of our traditional advice on passwords has been about creating strong or unique passwords,” he said.

“Part of the reason is because passwords are being used by users in different places and it’s the same password, so when one password is compromised in one place, it gets compromised in other places as well,” with McKinnon adding that “it only takes one data breach to compromise you.”

Dealing with it

The solution to the dilemma is to have multiple passwords so that none are easily linked.

There are several ways to do this.

You could have lots of passwords that are hard to remember.

That’s not such a bright move, especially if you need to keep hitting that “forgot password” link and resetting the password all the time, which wastes yours (time, that is).

Numerous internet security groups make password managers, which is another form of the solution, basically allowing you to store all your passwords in an app, which itself is protected with one master key. This could include your Facebook, Gmail, Twitter, bank — anything — with some of the apps even including a password generator, a feature that creates a string of characters that you’re not likely to be able to remember, but is a whole lot more secure than most of the passwords you’re thinking of right now.

Symantec, makers of the Norton suite of internet security products, suggests hard-to-guess passwords, with the company’s David Hall telling us that “having strong passwords is key to keeping confidential and personal information safe.”

“Make sure you select a password that cannot be easily guessed, with over eight characters or more, with a combination of letters, numbers and symbols,” said Hall. “Avoid using your login name, anything based on personal information as well as reusing passwords for different services.”

AVG’s Michael McKinnon has another solution, though, suggesting that you start with a basic word or password you’re already familiar with, and then add the initials of the service somewhere in the password, basically making the password unique to the service.

For instance, if your password is regularly “cameraman66,” you might make it “cameraman66FB” for logging into Facebook, “cameraman66gm” for Google Mail, or even “cameraman66TT” or “cameraman66Twitter” for logging into the social networking service that is Twitter.

“All you’re really remembering is your familiar password, and the technique that you need to have to adapt your familiar password to whatever it is you’re logging into,” said McKinnon.

“You’re essentially using a different password for everything you’re logging into.”
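
As an added example that is not part of the original article, this Python sketch audits a list of your own passwords against the points in Hall’s quoted guidance and measures how much of each password is shared across services, using the article’s “cameraman66” passwords as constructed sample input. The function names, the `min_base` threshold, the login name, and reading “over eight characters” as nine or more are assumptions made for this example.

```python
import os.path
import string

# Constructed sample: the article's own example passwords, keyed by service.
SAMPLE = {
    "facebook": "cameraman66FB",
    "gmail": "cameraman66gm",
    "twitter": "cameraman66TT",
}

def check_password(password, login_name):
    """List which points of the quoted guidance a password misses."""
    missed = []
    if len(password) <= 8:  # assumption: "over eight characters" means 9+
        missed.append("eight characters or fewer")
    if not any(c.isalpha() for c in password):
        missed.append("no letters")
    if not any(c.isdigit() for c in password):
        missed.append("no numbers")
    if not any(c in string.punctuation for c in password):
        missed.append("no symbols")
    if login_name and login_name.lower() in password.lower():
        missed.append("contains login name")
    return missed

def shared_base(passwords):
    """Longest prefix common to every password in the collection."""
    return os.path.commonprefix(list(passwords))

def audit(accounts, login_name, min_base=6):
    """Map each service to its findings, including reuse across services."""
    report = {svc: check_password(pw, login_name) for svc, pw in accounts.items()}
    base = shared_base(accounts.values()) if len(accounts) > 1 else ""
    for svc, pw in accounts.items():
        # Exact reuse is reported by name; otherwise report the shared base.
        others = sorted(s for s, p in accounts.items() if p == pw and s != svc)
        if others:
            report[svc].append("identical to: " + ", ".join(others))
        elif len(base) >= min_base:
            report[svc].append(
                f"shares {len(base)}-char base; only {len(pw) - len(base)} chars unique"
            )
    return report

if __name__ == "__main__":
    # "constructed_user" is a made-up login name for the sample run.
    for service, findings in audit(SAMPLE, "constructed_user").items():
        print(service, findings)
```

Run on the sample, every entry passes the length, letter and number checks but has no symbols, and each password differs from the others only in its last two characters.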

Constant risk

Ultimately, having an online presence carries risk, and that risk appears to be staying safe online.

Unfortunately, so much of what we do these days relies on having an online presence, so you don’t have much of a choice, and you should always be thinking of what you can do to make security better.

“We can never say that something is totally safe,” said McKinnon, who pointed out to us that it’s often the one that says they’ll never be infected by a virus that eventually is.

These days, everything we do online will always be under threat somehow. Nearly every internet security survey and form of research that has come out year on year indicates that online security is becoming something that we all have to be aware of, especially as your online identity can be worth so much to thieves, granting access to credit cards, bank accounts, and much, much more.

A recent survey from the makers of Norton Internet Security (Symantec) revealed three out of four people were more concerned about online privacy than they were five years ago, and that one in ten Australians had experienced privacy issues with mobile applications.

With this threat so obviously in sight, it is up to everyone to make sure they’re more responsible online, both on a computer and on a mobile device, and if that starts with slightly better passwords that are more unique across the board, so be it.

If your account is compromised, though, deal with the situation promptly.

“Changing your password on a regular basis is a good practice,” said Symantec’s David Hall. “If you notice something suspicious with one of your online accounts, one of the first steps you can take is to change your password.”

And if it happens, change it quickly so as to minimise any and all damage that could come from the fallout.