Been a while, eh? Between working 40 hours a week, recording an album 20+ hours a week, and sharpening up my n00b CSS skills, I don't have much free time. As if I didn't already have enough projects to work on, I decided it was time to conduct a security self-audit in the middle of all of this. Obviously, I'm not a wise man and am fond of driving myself crazy. Oh, and football season started. Man, I wish there were five of me to do all of this stuff.
Out of all the little projects and coals in the fire, the security audit is the most time-consuming.
I don't know about you, but I'm increasingly worried about what information of mine is out there on the internet. It seems like every other day there is a new security vulnerability disclosed or website hacked. Were you one of the people who had their iPhone hacked? Some of us had a good laugh at the cheaters who got caught in the Ashley Madison hack, while a year earlier we condemned those who gawked at the photos leaked in the iCloud hack. System admins scrambled after the Heartbleed bug was discovered, which is a security vulnerability that existed in the wild for over two years before it was fixed. Did you know that more than a year after this bug was made known, there are still over 200,000 vulnerable devices on the internet?
During the holiday shopping season of 2013, my debit card number was stolen in a major cyberattack on Target. Thankfully, my bank sent me a new card and cancelled my old one before anything bad happened. Couple these hacks with all of the Edward Snowden revelations from the leaked NSA documents, and it goes without saying that I'm a little concerned.
Upon reviewing my online accounts, I realized I had dozens and dozens of logins. These have accumulated over the years, some site registrations going as far back as the 90s. Half of the services and websites don't even exist anymore. Others were bought and sold to a larger company. God knows what happened to my information in those ownership transfers.
It was high time I deleted some of these unused or old logins and updated my active accounts with better passwords. I've switched over to a password manager, and I suggest you consider looking into one too.
Since I deleted so many accounts, I got to go through the deactivation process for multiple websites. Every place does it a little differently. For example, LinkedIn prompted me three times with warnings and consequences of closing my account before it was finalized, whereas 8tracks.com deleted it with no questions asked nor confirming that what I clicked was what I intended to do. These two examples appear to make sense when considering that LinkedIn is a serious social network and 8tracks is just a music streaming site.
But then there is a site like kongregate.com, a flash game site that I used a handful of times in 2009, which required three email exchanges with their customer support before my account was deleted. Or ancestry.com, which doesn't even offer the option to delete an account. WordPress and Digg are two more companies that do not offer an easy or obvious way to delete accounts, along with TurboTax. The support forum for TurboTax suggested changing my password and abandoning the account. As a joke, I tried to change my password to "qwerty," upon which TurboTax displayed a message saying that my "password is good." You may want to think twice about filing taxes with those guys.
So on the one hand, we have a website that handles sensitive tax information for millions of customers but allows passwords that can easily be cracked, yet the bookmarking site StumbleUpon has a two-week turnaround time for processing account deactivation requests.
As the internet becomes more ubiquitous in our lives, there is more we must do to safeguard our privacy. Most of us have no idea what we're agreeing to when we sign up for services, or have any clue who the people are that hold our private details on their servers. Just some food for thought next time you sign up for a cool website or free app.