This past week, one of the models with whom I have done a few photo sessions contacted me to say that her ex had some of the images of her from a previous photo session. Her ex had indicated that it was a model who was unhappy with me as a photographer and that this model hacked into the account to get the images. That model wanted $100 for the images that she had downloaded. As a photographer, I take the utmost care with all images I capture, and the systems I use are protected as well as any can be. When I investigated what happened, the model indicated that she had given the account and password to a few friends. After checking my systems, and tracking back, I was able to find out that it had been someone to whom the model had given the account and password. There were no indications of brute force attempts or any failures at the hosted site suggesting that a “crack” or compromise was going on. This post is about accounts and passwords in general from my information technology (IT) background, but I wanted you all to know what motivated my writing this post.
Accounts and passwords, from an IT background, are single-person items. They should have passwords that are secure. You should regularly be updating your password. At least once a year, double check the password recovery information to make sure it doesn’t point to an account you closed or no longer have access to. Be vigilant about not typing your account and password (or birthday or social or credit card numbers) into forms linked from email. Have a virus scanner that actively checks for malware and viruses. These will mitigate some of the risks. Unfortunately, in the digital age, there are no 100% solutions for security. The only way to keep from having anything released to someone else is to not put the information on the Internet.
The first thing about computer accounts is that they are assigned to individuals, not groups of people. The reason is that they are then accountable to that one person. If you share an account, it is no longer accountable to one person and any sense of accountability is gone. If you are given an account, you do not want to entrust it to anyone you would not also trust with your life. If you can’t trust them with your life, then you shouldn’t even consider them having access to your account. I would discourage you from giving the account even to them, but I know some married couples do exchange their accounts.
Another thing to consider is creating secure passwords for your accounts and regularly updating them. To be secure, a password needs to have letters, numbers, punctuation, and different capitalization. The easiest way to create a secure password is to think about a song or poem that you know and enjoy. Find a phrase in it that is at least eight words long (possibly with punctuation). Write down the first letter of each word, and if there is punctuation, write it down, too. If you have an “i” or “o”, substitute a “1” or “0” for it. For example, a phrase from a song by the Zombies is “Now is the time of the season for loving!” When converted into a password, it becomes “N1tto0sfl!” And that is a very difficult password to guess. On the other hand, it should be a fairly easy one for me to remember because I know the phrase and how to generate the password from my memory. You do not want to use passwords that are single words and all lower case, or ones that specify details about you, your significant other, your children, or your pets. These can be cracked fairly easily with a little social engineering. Each account should have its own password, but if you are like most people, you have over 100 accounts for this and that. Try to have several passwords in use so that, if one is compromised, they won’t be able to get into all your accounts (if they know about them).
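The derivation described above can be written out as a short script. This is an added example, not code from the original post: it applies the first-letter rule, checks the result against the four character classes the post asks for, and shows that some phrases fall short of them. The function names and both sample phrases are constructed for illustration, and treating capital “I” and “O” the same as lowercase is an assumption.

```python
import string

# Substitutions from the post: "i" -> "1" and "o" -> "0".
# Assumption: capital "I" and "O" are replaced as well.
SUBSTITUTIONS = {"i": "1", "o": "0"}
MIN_WORDS = 8  # the post asks for a phrase at least eight words long


def derive_password(phrase: str) -> str:
    """First letter of each word, keeping punctuation around the word."""
    words = phrase.split()
    if len(words) < MIN_WORDS:
        raise ValueError(f"need at least {MIN_WORDS} words, got {len(words)}")
    out = []
    for word in words:
        core = word.strip(string.punctuation)
        if not core:  # the "word" is only punctuation, e.g. a lone dash
            out.append(word)
            continue
        lead = word[: len(word) - len(word.lstrip(string.punctuation))]
        trail = word[len(word.rstrip(string.punctuation)):]
        first = core[0]
        out.append(lead + SUBSTITUTIONS.get(first.lower(), first) + trail)
    return "".join(out)


def missing_classes(password: str) -> list:
    """Character classes the post requires that the password lacks."""
    checks = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]


if __name__ == "__main__":
    # Constructed sample phrases, not taken from the post.
    for phrase in (
        "Every Friday, our team orders pizza and watches old films!",
        "the cat sat by the warm fire last night",
    ):
        pw = derive_password(phrase)
        print(pw, "missing:", missing_classes(pw) or "nothing")
```

The second phrase is long enough but yields only lowercase letters, so a phrase should be checked after conversion and swapped for another if any class is missing.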
I hope that you never have to recover passwords, but there are times you need to do it because you can’t seem to get any of the passwords you have used to work with an account. There are also times when systems are upgraded or a company changes owners and accounts lose their passwords. This has happened many times to me. So, you always want to check the recovery options at least once a year and make sure that they point to the right email account or cell phone number. There is nothing worse than having to walk away from five years of posts to a social network because you can’t remember the password and have no way of recovering it.
Malware and phishing are always prevalent in the digital world. Because of this, precautions need to be taken on systems that you use. This means having a virus scanner and anti-malware tool actively running on them (i.e., it checks the files as they are created and before you open them). Most of the major vendors’ tools do this. If you can’t afford a subscription or don’t want to pay for one, look into Microsoft Security Essentials (free for Vista, Windows 7, and Windows 8 OSes) or AVG Free Antivirus. Both are excellent products. Another part of taking precautions is to not open links from people you don’t know, and to verify that someone actually sent you the link (or file) before you click on it. Those links could go anywhere, and even if a link sounds enticing, don’t click on it. Frequently, these are malware-laced links intended to compromise your system. You also have phishing, where the email looks valid but takes you to a website that the deceiver has set up to get you to enter your personal information. Don’t do it. Always contact the company by phone and verify they have sent you that message.
Finally, if you have content or data you never want released to the general public, the only solution is to not put the information on a computer that is attached to the Internet. While this might not be practical for everyone, this is one way to keep something out of everyone else’s hands. If it isn’t on a computer, then the only way someone can get access to that information is by physical means. Make sure you protect whatever it is by keeping it safe and secure.