This is a test: Grab your nearest digital device that has your personal information on it. That would be your cell or Smartphone, iPad or Android Tablet, notebook or desktop computer or iPod/mp3 player. Touch the screen or tap the keyboard to wake it up.
Does it ask you for a Password to proceed before you can access it?
If “Yes”, congratulations, you passed and understand the importance of taking as many precautions as possible to keep prying eyes out of your personal data and digital world.
If “No”, then the next question to you is “Why does your digital device not have a Password set?” Would you leave your car unlocked on the Street? Would you leave the front door of your house or apartment open so that anyone could just walk in and look around? Well, would you?
If you secure every aspect of your physical world with locks, keys, and combinations, why would you not think to do the same for your digital world?
Password security is not just for your online web accounts. Password security should be engaged and used everywhere it is supported.
I am sure that some of you have lost your cell or Smartphone. Without a Password set on the device, whoever found it immediately had access to your entire address book: every name, every phone number, perhaps full addresses, possibly birthdates. In this address book list there are probably sensitive contacts like your Doctor’s, Financial Advisors, and Attorney’s. If you are like many people, in the NOTES section, some contacts may have Account Number and (hopefully not) Password and access information to these accounts. But we are just getting started as we are only considering the wealth of information in the Address Book/Contact List. In the wrong hands, this is an identity thief’s dream.
If you have a Smartphone, every text message sent and received and every email for approximately the past two weeks is fully visible. If the person who just found your phone is a criminal or identity thief, he or she might send an email or text message that appears to come from you fraudulently asking for “assistance” to one or more of your contacts. (A popular scam is to claim that “you” are in a bad cell zone and can only text, have lost your wallet, and can “your friend” please send $100 via a wire service or mobile payment service.)
Your Smartphone most likely connects to an App Store – either the iTunes store or the Google Play store. This person may now be able to obtain additional personal information about you from Apple or Google and possibly credit card information which can then be used to break in to other accounts at other web sites discovered from your Contact/Address Book list.
The above scenarios hold true for most iPads, Android Tablets, iPods, and mp3 Players that have a contact list, email capability, and connect to any kind of App Store.
With a Notebook Computer it only gets worse: Your portable computer has all of the above and plenty of bonus content for the person who finds it. The computer will most likely contain sensitive documents. If you only have a notebook computer and no desktop computer, then it will contain your entire body of digital knowledge: Every letter, proposal, memo, spreadsheet (i.e. Expense Report, Income Information), Business Plan, poem – just about every piece of digital content you have every created will be on this one device. But wait, there’s more: Every picture you have ever downloaded from your phone or camera: you, your family members, places you have been, all of your friends, and pets. This may seem innocuous but for professional thieves, the photos may reveal additional physical targets for burglaries. (Fluffy might become pet-napped and held for ransom.)
If you are a person who accesses a corporate network, which probably does use and require a Password, and that Password is stored in the access application, DING, DING, DING – it is the Mother of all Pay Days for the unscrupulous individual who is now in possession of your notebook. That person potentially has full, unrestricted access to all of your company’s sensitive information. This time it includes not only documents but may include corporate financial information and detailed personal information about clients of the company.
Finally for the Lightening round: I am virtually positive that many of you have your Apps set for “auto-login” where your User Name along with your Password are stored in the App. (If a web site, the user name and password are stored in the Web Browser.) You have just given the person in possession of your digital device the “Keys to the Kingdom” of your Digital World. He or she is now capable of viewing (and manipulating) your Social Media, WebMail, eCommerce accounts and any other web site that has stored access information.
As you can see, for lack of taking a few extra seconds to enter a Password every time you pick up one of your digital devices, you could be needlessly exposing your entire digital world and putting yourself and those around you at extreme risk.
You lock your physical world. Lock your digital world too.
Set a Password on every device that supports the use of a Password.
For some guidelines on setting strong passwords, read my articles, “Strengthening Common Passwords” and “A Complex Password may not be a Strong Password.”
Technical Tip: If your device supports the use of a Swipe Pattern instead of entering a combination of numbers and letters as a Password, definitely use a Swipe Pattern. (A Swipe Pattern allows you to use your finger to draw a series of lines across the screen in a specific order to unlock the device.) Hackers can use automated programs to guess at the number and letter combinations which make up a Password. As of this writing, similar programs do not yet exist to crack a Swipe Pattern on a digital device. Although if a program did exist, most phones would still lock out all further attempts after a certain number of failures. It was reported in March of 2012 that even the FBI could not get in to a phone that used a Swipe Pattern to lock it. See more on that story here.
Leave a Reply