With only one “forgot password” moment, you are risking way more than you think.
A Trust in Simplicity
Honan was not completely clumsy. It was not as if he actually posted his passwords directly onto the Internet for all to read and use right away. Instead, he simply put his name up and agitated hackers, practically challenging them to show what they could do. And they did it well.
The hackers started with Honan’s Amazon account of all places. Then they went after email. Suspecting that Honan had an email account on a major server like Gmail, they identified his email home and broke in. With this account compromised, they were then able to identify accounts that Honan had everywhere else, including Apple and Twitter. Whether it was private information or a social media platform, Honan tied all his other accounts to his Gmail account for recovery. A common practice of these systems is to create a temporary email recovery approach when a password is forgotten, so all they had to do then was click the link. The company would send the temporary password link to Honan’s email account, and the hackers soon had access inside his private life in every digital facet by resetting passwords.
When Honan discovered the breach, it was by doing what every person on the Internet does every morning: logging in and finding out his original account login and password didn’t work. Using the same Gmail “forgot password” recovery link, he then found out his email account was compromised as well. That’s about the point when the reality of being hacked kicks in.
The “Forgot Password” Moment: Relying on People’s Laziness for Opportunities
Hackers and amateur digital thieves often find their greatest advantages in the fact that people are flat out lazy when living their lives on the Internet. Making simple mistakes like linking every account to a single email account for recovery or using the same password for everything creates a house of cards for a person’s digital life. When one card is pulled, the entire house comes down, regardless of how strong the other defenses protecting that digital account are. After all, a password and login are the approved way to get into a system; no digital defense will bar them, since that’s the whole point of an authorized access in the first place. Aside from having a biometric pass system like a retina checker, the system is only as good as the login credentials being kept secret.
Ideally, a person should never have any of his accounts linked at all, much less use the same password on each account, but this isn’t practical in daily life. It’s extremely frustrating to have to call a phone number, wonder if it’s the right calling center, provide personal information, and then get a new password. While a few venues still follow this approach because of heightened security policies, many just provide a website link that triggers the temporary password to be sent out.
People like things to be easy, and so do businesses, and website companies know this. Further, those who spend a lot of time on the Internet prefer to do everything themselves. As a result, businesses that hand account control over to users often attract users who don’t want to talk to someone over the phone in an old-fashioned manner. Companies factor these preferences into their profit-making models and make adjustments accordingly. Thus a tool similar to a “forgot Apple password” link or a “forgot Yahoo password” link is commonplace.
Young Account Users
Kids and teens are extremely vulnerable to hacking because many of them don’t fully understand what is at stake in protecting one’s digital security. They share information with friends, expose their passwords, and use bad judgment in sharing accounts. Soon enough, bullies and those not wishing a child well get into accounts, often using the same links for a forgot password trigger, and then the child’s social world turns upside down.
No surprise, bullies in childhood and teen years can be extremely harmful, but the digital world seems to have made such personal attacks even more painful and damaging. And some bullies are tech savvy enough to use technology in ways that are extremely damaging to others. There are multiple cases where bullies have used digital tools to hurt a teen so much that the teen finally decided to end the pain with suicide. The psychological effects are extreme when a person places extreme value on digital accounts and related information.
When kids are burned by such a compromising action on their digital world, they learn a hard lesson and, unfortunately, they become less trusting of people in general. However, that sort of mental protection is needed to avoid becoming a victim again. It’s a hard way to learn the weaknesses of the Internet, but it sticks well in young minds after going through such an experience.
Whether it be relying on a Gmail “forgot password” tool or a “forgot Apple ID password” tool, kids need to be taught early the value of online secrecy. This is likely going to go counter to what parents want, since teens are very likely to use the same tools to keep parental eyes from prying on what they do, but the risk of an outsider getting into a teen’s account is serious. With the number of predators out there who would like nothing better than to take advantage of a teen, early protection education for online behavior is critical. Those teens who get the message early are often the ones who can protect themselves better. The risks are more likely to rise as they grow up, have bank accounts, and manage other things online.
Kids are not alone in learning and understanding how the risks of the digital world occur. Parents need to educate themselves as well on how passwords, logins, recovery systems and digital security work. There should never be a full trust of a website, no matter how much a company says it is kid and family friendly. Just like they are with their child’s friends, especially in the teen years, parents need to be proactive and wary of Internet use as well, not just rely blindly on an iCloud to take care of everything in case of a “forgot password” moment.
Ways to Protect Yourself
The best protection approach starts with email since this is the critical communication link that connects one with everything else on the Internet aside from a direct login. However, the broad majority of email servers are often the most attractive because they are free. So the next best step is to have different accounts for password recoveries. This at least breaks the chain of recovery links all going to one email account that, if compromised, opens up access to everything else.
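The effect of splitting recovery addresses can be checked against a personal account inventory. The following is an added example, not part of the original article; the account names and recovery mappings are constructed placeholders. It computes which accounts fall when one mailbox is taken over, and shows that split recovery mailboxes only help if they do not themselves recover through the main one.

```python
from collections import deque

# Constructed sample inventories (not from the article): each account maps to
# the mailbox that receives its password-reset link; None = no email recovery.
SINGLE = {"mail-main": None, "shop": "mail-main", "social": "mail-main",
          "device-cloud": "mail-main", "bank": "mail-main"}
SPLIT = {"mail-main": None, "mail-recovery-a": None, "mail-recovery-b": None,
         "shop": "mail-main", "social": "mail-main",
         "device-cloud": "mail-recovery-a", "bank": "mail-recovery-b"}
# Pitfall: the "separate" recovery mailboxes recover through the main mailbox.
CHAINED = dict(SPLIT, **{"mail-recovery-a": "mail-main",
                         "mail-recovery-b": "mail-main"})


def blast_radius(recovery_map, compromised):
    """Accounts resettable, directly or transitively, once `compromised` is lost."""
    resets_via = {}  # mailbox -> accounts whose reset link lands there
    for account, mailbox in recovery_map.items():
        if mailbox is not None:
            resets_via.setdefault(mailbox, []).append(account)
    reached, queue = {compromised}, deque([compromised])
    while queue:
        for account in resets_via.get(queue.popleft(), []):
            if account not in reached:
                reached.add(account)
                queue.append(account)
    return reached


def worst_case(recovery_map):
    """Return (account, exposed set) for the single most damaging loss."""
    candidates = ((name, blast_radius(recovery_map, name)) for name in recovery_map)
    return max(candidates, key=lambda pair: (len(pair[1]), pair[0]))


if __name__ == "__main__":
    for label, inv in (("single", SINGLE), ("split", SPLIT), ("chained", CHAINED)):
        name, exposed = worst_case(inv)
        print(f"{label}: losing {name} exposes {len(exposed)} of {len(inv)} accounts")
```
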
Changing passwords regularly is also a good idea. Again, laziness can kick in, and it’s easier to use the same password because one can remember it better. However, a regular flushing of passwords avoids accounts being compromised so easily. When a password is changed, it resets the table. Any knowledge known about a previous password has just been effectively erased.
Passwords should also be mixed up with numbers, letters and symbols. Just using a regular word and nothing else is a fast way to lose security. There are enough programs out there now that can run guesses with dictionary databases and figure out the configuration of a known word very quickly. However, when a password represents a seemingly random set of figures, it becomes much harder to crack. And the longer the password is, the more possibilities there are for what it may be.
Additionally, the given service one uses that has a recovery link should send out an alert immediately that a wrong password attempt has been made. Not every service is willing to do this, but a notice is the fastest way of realizing some part of a person’s network is being probed or under attack. The most protected systems regularly use these tools and provide them to customers.
Avoidance, Protection and Awareness Are Key!
A person’s digital life is only as good as his or her attention to details. Hackers often gain access not because they are able to perform some great magic, such as that portrayed in the Matrix movies; they are instead good students of people’s behavior. By understanding how sloppily people behave with their own personal security, hackers easily find weaknesses and ways into people’s private lives. No surprise, account compromises and identity theft are rampant as a result.