Two days ago, hackers gained access to the servers at Gawker Media and, with it, access to the account information of over 200,000 registered users of the various sites that make up the snark-powered outlet.
Yesterday, those same users started to see their (online) lives devolve into chaos. Using the personal information recorded in each Gawker user’s file, the hackers were able to turn around and access entirely unrelated e-mail, Facebook, Twitter, and even PayPal and bank accounts.
If you’re inclined, it’s easy to look around the internet today and locate a lot of pointing fingers, all trembling with various levels of rage or disapproval: Gawker’s IT staff made some entirely indefensible security decisions (storing the password information with no encryption); the users who saw their non-Gawker accounts accessed also practiced poor password security; et cetera, ad nauseam.
Now, Gawker has little or nothing to do with the MMO industry (and, like most topics, pays attention to it only long enough to write something snide and forgettable), but their mistake and the plight of their users are relevant to the MMO community, because they remind us of an important fact: your password security is only as good as that other guy’s password security. As soon as you use a password to build an account with a new site (Twitter, Facebook, or maybe that new free-to-play MMO you want to check out), the security of that password is in the hands of someone else, which means that it doesn’t (entirely) matter how careful you are; what matters is how careful everyone else is.
And, of course, not everyone else is careful.
So, in honor of the Gawker security debacle, we’re declaring this International Change Your Account Password Day, and reminding you of a couple of key points of internet security.
Never Share a Computer Account, and Never Tell Anyone Your Password
It doesn’t matter how trustworthy your friend/sister/brother/bestie/*friend/S.O. may be; the fact is they might accidentally reveal your account password to someone, or they might get angry with you for any number of good or bad reasons and decide that doing something mean to one or all of your virtual selves might be just the way to get back at you.
Never Use the Same Password for More than One Account
This is one of the main reasons that so many Gawker users were compromised on sites that had nothing to do with Gawker — they used the same password on multiple sites. Do we do the same thing? Yes. Should we — must we — stop? Yes.
Never Write Down a Password
It’s tough; you need to use many different passwords, but at the same time, you’re not supposed to record them anywhere. We recommend a secure password-management tool, such as LastPass or Roboform.
Never Communicate a Password via Email or Instant Messaging
Remember: your password security is only as good as that other guy’s password security. It doesn’t matter if you keep your information secure if your friend’s email account gets hacked.
It’s Time to Change Your Password(s)
Regularly changing the passwords on your “key accounts” may be pointless, but making sure all those passwords are different definitely is not. We usually think of our email, home or work computers, and banking accounts when we think of “key accounts”, but let’s be honest: we are MMO players, and our characters (and their stuff) are important to us — why not protect them with the same basic care and intelligence as we would our Twitter account?
The end of the year is coming, and with it the chaos of the holidays. Take advantage of a quiet Tuesday, update your passwords, and make sure you won’t have any unpleasant surprises on January 1st.