Digital bliss or dadada? #ChatSTC

Wow! As mind-blowing as it sounds, it seems that Mark Zuckerberg’s password for his Twitter AND Pinterest accounts was: Dadada. As a reminder: Mark Zuckerberg is the founder of Facebook! The hackers claim that they simply used his password (or some minor modifications) from his LinkedIn account.


If all of this is true, then Mr. Zuckerberg violated the two most basic rules of password security:

  • each and every online account deserves its own password
  • passwords should be long and strong

(The NFL’s Twitter account was hacked, too!)

What lessons should we be taking from this?

June is National Internet Safety month, and from the news of breaches and hacks from just the first week (the LinkedIn breach led to hacks of Twitter and other services), it’s pretty obvious that a lot of us are acting ‘not safely’.

So, it’s a lucky thing that the National Cyber Security Alliance (@StaySafeOnline) hosts events like their #ChatSTC series of awareness Twitter chats. This month, we’ll be sharing password and security insights with an All-Star cast on the topic of Digital Bliss – Staying Safe Online This Wedding Season. Here’s a replay of the Twitter action. (The live event took place on Thursday, June 9.)

Other than that he should know better, what lessons from Mr. Zuckerberg’s very embarrassing hack can brides and grooms apply as they get ready for their big day? And the rest of us, too!

With the excitement and all the positive vibes associated with a wedding, it’s easy to throw caution to the wind and neglect security. After all, a wedding is a celebration and such a good thing that it’s hard to imagine that someone would want to spoil it. Add to that the fact that way too many of us have a “little ol’ me” attitude when it comes to security:

“who am I to be a target for hackers? It’s not like I’m some rich Hollywood actress getting married, it’s just little ol’ me. No hacker is going to waste time on attacking my accounts.”

When you get down to it, though, it’s simply about easy money. Hackers and bad guys are always going to hang out where there is money to steal, which makes any wedding – your wedding – a great target.

Hackers like to attack where there’s lots of stuff going on. In this way, busy inboxes are just like crowded malls – great places for bad guys to go unnoticed. Weddings, and other events that require lots of planning, typically involve 3 key enticing components for thieves (and wedding crashers):

  • lots of activity going on – lots of emails, calls, messages, new apps, cool things to try, and websites to visit – so unexpected (suspicious, bad!) activities have a way of getting lost in the shuffle of all that volume
  • lots of decisions that need to be made – many of them at the last minute – increasing the risk of clicking on the wrong link or making a mistake
  • lots of emotion – “I want it my way” “I want the best” – so you’re more likely to click on bigger, better offers that might come from crooks

We’re big fans of Stop.Think.Connect. from the National Cyber Security Alliance: before you click on a link (or icon), be sure to stop and think for a moment. Is it legit? Is someone really going to give you $$$ for nothing? Do the link and the URL match? Would your bank really ask for your password in an email? And so on. A little pause before you click can save a lot of pain and anguish by helping avoid a phishing attack. Check out this quiz and guide on how to avoid phishing attacks.

As long as you don’t look at them as a way of skimping on security – for example, by using weak passwords – temporary accounts are a great way to segregate new wedding activity from your regular emails and accounts. Also, separating wedding spam from your regular spam can help lower your anxiety level about everything you have to manage.

Here are the basics for protecting your online accounts:

  • each and every online account deserves its own password
  • passwords should be long (we recommend a minimum of 12 characters) and strong: don’t use dictionary words or anything that could easily be guessed (like a pet’s name). Strong passwords are random strings of upper/lower case letters, numbers, and special characters. The more unpredictable, the better and stronger the password.
  • activate 2-factor authentication for accounts that offer it
  • use a password manager to remember all those long and strong passwords
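
An added example, not from the original post: a small local audit that applies the first two rules above to a list of your own account passwords. It flags passwords under 12 characters, passwords missing character classes, and passwords that are the same one with minor modifications. The account names, sample passwords and normalization rules are constructed assumptions.

```python
import re
from collections import defaultdict

MIN_LENGTH = 12  # minimum length recommended in the list above

# Common character swaps undone before comparing (assumed, not exhaustive).
LEET = str.maketrans("0134578@$!", "oieastbasi")
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]

def base_form(password):
    """Reduce a password to a key so that minor modifications collide."""
    lowered = password.lower()
    stem = re.sub(r"[^a-z]+$", "", lowered)  # drop trailing digits/symbols
    return (stem or lowered).translate(LEET)

def weaknesses(password):
    """Check one password against the 'long and strong' rule."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append("shorter than %d characters" % MIN_LENGTH)
    missing = sum(1 for c in CLASSES if not re.search(c, password))
    if missing:
        issues.append("missing %d of 4 character classes" % missing)
    return issues

def audit(accounts):
    """accounts: {account name: password}. Returns {name: [issues]}."""
    groups = defaultdict(list)
    for name, pw in accounts.items():
        groups[base_form(pw)].append(name)
    report = {}
    for name, pw in accounts.items():
        issues = weaknesses(pw)
        shared = sorted(n for n in groups[base_form(pw)] if n != name)
        if shared:
            issues.append("same or near-same password as: " + ", ".join(shared))
        if issues:
            report[name] = issues
    return report

# Constructed sample; the variants are invented for illustration.
SAMPLE = {"email": "dadada", "photo-sharing": "Dadada1",
          "wedding-registry": "d@dada!", "bank": "q7#Lw2!vRz9@Tm"}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", "; ".join(issues))
```

Run it only on your own machine against your own passwords, and never paste real passwords into a website to have them checked.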

Also, depending on how far in the future the wedding is, getting a credit card that you’ll use only for the wedding is a good way of keeping track of the activity and possible misuse of the card.

Hey, be careful out there!