Tuesday, January 06, 2009

A Few Words of Advice

I know you all don't come here for tech support advice. But once in a while, I'm going to share if I think it's worth sharing.

Unsolicited computer advice after the jump:

Online Life Lesson #1: If you have an eBay account that you don't ever use, shut it down. If you think you may go back to eBay someday, at least make sure you don't have the account linked to a credit card or PayPal.

The last thing you want is to find out someone cracked your password and bought a $700 cell phone in your name.

If your eBay account is linked to PayPal, you can expect your PayPal account to be locked up until you verify a bunch of stuff. And if you screw that verification process up, you can expect your account to be inaccessible for a while.

I'm not saying don't use eBay. Some people dig it. I'm saying if you don't use it but still have an account, either close down the account or make sure it's not tied to any credit card or PayPal.

That's probably good advice for any kind of online account that you don't use anymore.

Online Life Lesson #2: Say you have an account with an online store (let's call them company X). Your user id on company X's web site is jdoe and your password is abc123.

(Of course, if your password is really abc123, you deserve whatever happens to you. Same goes if your password is password, your birthdate, or written on a post-it note stuck to the bottom of your keyboard at work.)

Let's say you call company X's tech support one day for some help with a minor problem and the helpdesk person says to you, "...and your password is abc123." The minute you get off the phone with X's tech support, either shut down the account or change your password.

In this day and age there is no logical reason why a helpdesk person should be able to see your password. They should be able to reset it to something generic. But they should only see ********** when they look up your account.

If you're a normal person you probably have between one and four passwords that you use on a regular basis. You have one basic user id that you use for most stuff, and variations of that id that you use when you couldn't get the original id when signing up for a new account.

Let's say I work at a helpdesk and just found out my job's getting outsourced overseas. Let's say I have no morals and am furious that I'm about to lose my job. What is to stop me from grabbing as many user ids and passwords as I can before they take my access away? (Most IT people wouldn't do it, but we all realize there are always a few douchebags in every population.)

If I'm one of those douchebags and I know you log in to company X's web site as jdoe and your password is abc123, I could try logging into some other major retailers' web sites as well as PayPal, eBay, popular online bank websites, American Express, etc. etc. etc. with that id and password. If you log into a few places as jdoe with the password abc123, I could make your life hell.

So, if you call company X and the helpdesk reads your password to you, come up with two new passwords. On the company X account, make it the first new password and on any other site where you used abc123, make it something else.

Again, I know you don't come to this site for geek speak. But I know how many of you clicked on the Windows Update link after my post about the Internet Explorer problem. One or two of you may appreciate the advice.

Learn from my mistakes if you want to. And don't forget to vote.

-Code Monkey
