It’s a new year, but some things haven’t changed

I saw a disturbing tweet flash by today. Apparently one of the third party twitter application providers is reselling data (here’s the link to the story). The article highlights a very valid concern with all technology: who has the information you provided and what are they doing with it?

Registering for many pieces of software includes providing a user name, password and your email address. The thing is – what are you using? The risk of signing up for spam is obvious, but that can probably be dealt with. Even if the person or company takes the information you provided and resells it, spam filters will help you avoid the junk you may see as a result.

What about the user name and password you set up? Do the "terms" you agreed to (usually that little check box, or on the "signup" button) allow the company or individual to resell that data? Even if there’s no mention of it. Did you use an account name and password that was easy to remember? Was it the same one you use for most online accounts?

You can probably see where this is going.

I’m sometimes guilty of "standardizing", meaning, using a common set of account names (and perhaps passwords) on different sites and in systems. If I really don’t know the source, I have certain passwords I will use. But I have re-used the same one. More than once.

There are recognized ID providers that are reputable and secure (think of MS Passport or OpenID to name but two). However, a lot of websites don’t subscribe to systems like this. They still require visitors to set up an account and password.

The first thing I thought of about when I got the initial "your data is being sold" message was "uh oh: Have I been too complacent?". So, just to be sure, I’m currently updating my accounts on different sites and using different passwords. This inevitably leads me to point out the obvious, but I figured I’d share:

• When you register for an account on a website, use a unique name if possible.
• Even you can’t use a unique name, definitely use a unique password for that site.
• Don’t the same passwords across sites.
• Keep a log of what sites you have accounts on.
• Change your passwords periodically.
• Never use a password that can be guessed. Mix letters, numbers and special characters. Use letters as numbers (for example “Pa55w0rd” uses 5 instead of S and zero instead of O).
• Use a secondary email address for sites that don’t matter as much or that you don’t need to use your main email for.
• Never send your account information by email or give it over the phone.
• Be careful. Be prudent.

Social media data ownership is being heavily debated both online and offline (here’s a good article by Dean Donaldson). Even supposedly "secure" data might not be as private as one would hope.

Not the nicest of articles to start the New Year, but some things never change, do they?

January 2, 2009 - Posted by Dave | Communication, Marketing, social media | | No Comments Yet