6 replies to this topic

[skore]

I was reading an interesting article this morning that posed the question: Is social networking a threat to your security?

Basically the article stems from statements from Equifax urging people to limit the amount of information they are posting online to help protect them from identity theft.

Personally, I am careful about what I reveal (when I reveal my true identity ) but that is more for professional reasons rather then worrying about ID theft.

Do you worry about people stealing your identity because of social networks? Are you extra cautious about what you say online?

[eKstreme]

This reminded me of a phone call I had with my mobile phone company. They started asking me questions that a somewhat good friend/contact of mine would know the answer to (like my birthday, etc). I mention that all these questions are useless and just a hassle for me the customer. The guy says "it's for my security". I then explain to him that apart from the password, anyone who knows me a little bit can answer all the questions, and therefore the only safety measure is the password and the rest are a hassle. This seemed to veer off his booklet of scripted responses and was quiet for a few seconds.

The real security is not what I reveal online, but what companies accept as unique info that only I know. As long as they are stuck in the mentality that the only person who knows my postcode is me, we'll have a serious security hole (think about it, these days, not only anyone find out my address, but can also see what my house looks like, in 3D). The only real security is some kind of password or passphrase. Personal info is no longer a guarantee of authentication.

The other side of the coin is us, the consumers. We need to accept that we have to remember passwords, and that they cannot be our pets' names or mom's birthday.

Here is a tip of what I use for passwords: when asked to create a password, I look around the room and pick out two objects. The password is then (say) "phone LCD" or "glass plant". You'd be surprised how easy those passwords are to remember. And they have the slight advantage that you can choose them to be worded into a sentence: "My phone's LCD is broken." Anyone listening in on the conversation hoping to pick up the password will be disappointed

I'll end my blabbing with this: security is a frame of mind, a way of life. You're either secure or not. To give an analogy, why lock the windows if you leave the door wide open? Lock everything!

Pierre

[A.N.Onym]

Hate to remind you all, but think about Kathy Sierra. There was not an instance that a company security was involved. It was a single person, as far as I know.

I've been thinking about this lately. If you are popular, it is easy to become a victim of a shmuck, whatever you do. The thing is, though, that, perhaps, sacrificing the opportunity to be available to more people due to fear may be not the right course of action.

All in all, though, I'd try to make only obvious information public and share the least possible details (only necessary data) via secure channels.

One trick I found useful for digital passwords is to type a word in my own language without switching keyboard layouts. It creates an obvious garbage, but if combined with the right layout, reads a word. I don't think it can be cracked easily even by people using the same language.

Edited by A.N.Onym, 24 July 2007 - 10:20 AM.

[bwelford]

Here's some good advice re identity theft.

[naturalwoman]

I'm definitely careful but I've been thinking a bit lately about other ways those social networks can come back to haunt you.

I read an article last week about a case in the UK where a court rules that any social networking content produced on the clock was the property of your employer.
http://www.theregist...mpany_property/

I've also wondered how many companies have policies to limit what employees can say on social/professional networking sites and profiles. I've heard that some companies will tail a competitors' employees online using sites like LinkedIn. Those new contacts that they just added could mean a deal is in the works, there may be people in their network that can recruit them.

I suppose if you think about it long enough you can think of all sorts of ways to exploit social networks. Of course these wouldn't be new ideas. By using these "free" online tools we're just making it easier for others to exploit us.

[tam]

It wouldn't be so bad if you didn't need passwords and codes for everything. It's not only remembering what they are, it's which is which.

Half the time you might as well type random letters cos you know you're going to need the password reminder/reset link to remember what you put in in a months time away.

Tam

[SEOigloo]

Something along these lines has been bothering me and I wanted to add it to this thread rather than starting a new one.

I was seriously put off a couple of days ago by the sign up form for the first SM site I've ever found that looked like it might be of serious help to niche small business owners in the 'green' industries. Care2.com looks like a really neat site (Thank you to Yuri and Bill who both pointed this site out to me).

The problem is, their requirements for joining seemed exceedingly invasive to me. You must give them your birthdate, your gender, your email and a bunch of other things I found to be too much to ask for. I stopped in the middle of the signup process because I found this so nosy. I'm happy to give them my email and a password. But why do they need my area code??? And, these aren't optional fields. They are all required.

I'm feeling let down because I thought this might be a good niche SM site (at last). I expected the signup to be like Reddit or something, where you just give your email and a password. Are others finding these invasive requirements to be common on other SM sites they've investigated? Is this normal?

Should I bother to let Care2 know why I didn't become a member. They've got over 7 million signups over there at this point. This thread makes me think that few of you folks would be comfortable joining something with a signup process like this. What do you think?
Miriam