May 2, 2005
Managing your identity
in the online Old West
Alan Cattier is co-director of academic technologies in the Information Technology Division.
Recent headlines reinforce something we all know: Criminals are trolling for personal information more than ever before. In February, ChoicePoint, an identification and credential-verification service, reported some con artists had tricked them into handing over 145,000 records containing Social Security numbers and other personal information on people in all 50 states. In March, Lexis/Nexis reported individuals entered its database and stole identifying data for another 32,000 persons. Just recently, Bank of America reported it had lost computer data tapes containing personal information on 1.2 million federal employees, including some members of the U.S. Senate.
Instances such as these create the impression that individuals are largely powerless to protect their own personal information if the institutions in which they knowingly—and, in some cases, unknowingly—share their information do not have adequate security procedures in place. Undoubtedly, a portion of this impression is true. Yet this realization should not overwhelm the very real need for individuals to take steps to minimize the risk of their personal data being compromised.
Following are some tips for managing your online identity with the diligence that the present moment suggests:
First, individuals need to have good passwords. What is a good password? A good password is one that is totally random to anyone else except you. Emory requires that everyone’s NetID password be six to eight characters long, include letters and numbers, and that they not be words that can be found in a dictionary. Frustratingly, many individuals seem to limit good password behavior to accounts where they are required to do it, like the NetID. Practice good password behavior on any account where you offer information you consider valuable—your online identity is only as good as its weakest link.
Second, passwords should be changed with some regularity. At this time, Emory does not require that you change your password, nor do most Internet presences where you might maintain an account. That this not a requirement, however, does not make it any less desirable, and many institutions are looking at requiring password changes as a prerequisite for access. Changing passwords allows you to assert control of the “keys” to your online identity—one of the few places where you can actually act to maintain its integrity.
Third, passwords should never be shared with anyone. Ever. In our current environment, where there is so much effort to capture aspects of your identity, no credible organization should ever even ask for it. Don’t offer it; if asked, ignore the request.
Fourth, everyone needs to recognize how sophisticated some of the schemes have become to get you to provide personal information about yourself. Called “phishing,” many of you will recognize this type of scam as a variation on the spate of recent requests many of us have received from alleged “banks” asking for an update of financial information.
Online criminals have mastered the art of copying the credentials of an “official” communication from Internet presences like large banks and credit card companies, and they have also perfected the technique of fabricating the web address of a site so it looks exactly like the real thing. The nature of the counterfeited communication and web presence is only online for an hour or two before it quietly disappears from the Internet, but in those few hours, hundreds fall prey to its subterfuge and unknowingly compromise their own identity. This is a time to be skeptical about all such requests, and unless you are absolutely certain of the authenticity of the site and the communication, you should provide nothing. Never, ever provide personal or financial information in an e-mail.
It is one of the unfortunate signs of the ever-growing place of the Internet in our lives that scammers, con artists and organized crime have turned to the online world for their latest strategies to perpetrate their crimes. Common sense—and a healthy dose of skepticism—can be powerful supplements to these four proactive steps, and in our current environment, these two qualities are required.
People used to joke about the Internet being lawless like the Old West, but unfortunately, as many are discovering, these latest developments are no laughing matter.