DISCLAIMER: I’m getting a little technical but this is not a comprehensive article on Internet security. It does provide some simple (relatively) ideas to help you secure your home network.
Yep.. the Internet got nailed last Friday and it was mostly due to home connected devices… IoT, the Internet of Things. Get to know that buzzword; it's worth $175/hr. if you're a tech security consultant.
This attack, like a great many compromises, came down to weak default passwords that never get changed after installation.
Read a little bit about it here:
What should be done?
There is both an industry fix and a user (person at home .. um.. that’s you) fix.
The Tech Industry
For years I’ve been suggesting that devices should NOT work by default. When you un-box that router or thermostat or home camera, the first step to make it operational should be a setup that walks you through setting a strong access password. When/if you need to reset the device, it forces you to go through the same setup.
Let's assume there are 20, 30, or even 500 default username and password combinations in circulation. When a home user visits a compromised website (you porn watchers and your "tech genius" kids stealing music), it only takes seconds for a script to scan your network, find devices, and try those passwords against them. Voila! They're in and your device is now theirs. Worse, many of these devices are reachable directly from the Internet, so the attacker doesn't even need you to visit anything: automated scanners simply walk the address space, find the device, and try the default logins.
If the industry did not allow a device to be operational until a password is set, the hacker’s job becomes more challenging. Simple, eh?
Well.. no, because it puts a MUCH greater customer service burden on the manufacturer. People don't like having to set passwords.. It is complicated to them and they will call customer service for help. That costs time and money.
Security sounds good on paper… but it is a pain to enact. Virtually every time we set a password policy for a company, it gets broken by an executive who wants the policy changed for him. He has too much on his plate to remember to change his password every 45 days.
Yep.. I’m talking to you Mr. CFO. And again, your child is NOT a tech genius – or he is – but please stop allowing him to “optimize” your computer. Hackers love technical geniuses.
So the industry could do a LOT to fix this.. And eventually they will, but for now it is too costly. We want cheap devices, not secure ones. Okay.. everyone will say they want secure, but it is sort of like salad at McDonald's. They add it to the menu and it will pull a few people in, but when they get there, they still order a Big Mac.
So… What should you do?
A simple password policy/strategy
Have one key account, then separate your passwords into tiers: social media (less important) and banking and personal (more important).
For me, it's a Google account. I have an idiotic passphrase for that account. No other accounts share this passphrase, and I change it every 30 to 45 days. Here is an example of one of my former, never to be used again, passphrases. And yes.. I've modified it so you cannot use it to try to hack my account.
That's 32 characters. Upper- and lower-case letters, but really only a single special character. Brute-forcing a long passphrase is far harder than cracking an 8-to-10-character password, even one stuffed with special characters: every extra character multiplies the search space, while adding a symbol or two to a short password only nudges it.
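To put numbers on that claim, here is a small Python script, added for this post and not something the author used, that compares the search space of the two cases above (a 32-character mixed-case phrase with one symbol versus a 10-character password drawn from all printable classes) and generates a word-based passphrase with the CSPRNG. The guess rate (10 billion/s) and the tiny word list are assumptions for the demo; the point the script makes that the prose does not is that a passphrase built from dictionary words is only as strong as the word count times the dictionary size, not its character length.

```python
import math
import secrets

# Constructed word list for the demo. A real list (e.g. a diceware list) has
# several thousand entries, which is what makes word-based passphrases strong.
DEMO_WORDS = [
    "anchor", "basil", "copper", "drift", "ember", "falcon", "glacier",
    "harbor", "iodine", "juniper", "kestrel", "lantern", "meadow", "nickel",
    "orbit", "pepper", "quartz", "ripple", "saddle", "timber", "umber",
    "velvet", "walnut", "xenon", "yonder", "zephyr",
]

LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33   # printable ASCII classes
SECONDS_PER_YEAR = 3600 * 24 * 365


def search_space_bits(length, charset_size):
    """Bits an attacker must brute-force if every position is drawn
    uniformly from charset_size characters: log2(charset_size ** length)."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return (2 ** bits) / guesses_per_second


def generate_passphrase(n_words, words=DEMO_WORDS, sep="-"):
    """Pick n_words uniformly at random with the CSPRNG (secrets), never random.random."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(n_words, words=DEMO_WORDS):
    """Honest entropy of a random word passphrase: n_words * log2(len(words)).
    The resulting string may be 30+ characters, but the attacker who knows the
    word list only has to search len(words) ** n_words candidates."""
    return n_words * math.log2(len(words))


def compare(rate=1e10):
    """Compare the post's two cases at an assumed offline rate of 1e10 guesses/s."""
    long_phrase = search_space_bits(32, LOWER + UPPER + 1)                 # 32 chars, mixed case, one symbol
    short_complex = search_space_bits(10, LOWER + UPPER + DIGITS + SYMBOLS)  # 10 chars, every class
    return {
        "32ch_letters_bits": round(long_phrase, 1),
        "10ch_all_classes_bits": round(short_complex, 1),
        "32ch_years": seconds_to_exhaust(long_phrase, rate) / SECONDS_PER_YEAR,
        "10ch_years": seconds_to_exhaust(short_complex, rate) / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value:.4g}")
    # Five words from the 26-word demo list is only ~23.5 bits; a 7776-word
    # diceware list would give ~64.6 bits for the same five words.
    print(generate_passphrase(5), f"~{passphrase_bits(5):.1f} bits")
```

The takeaway: the 32-character case is roughly 183 bits of search space against about 66 for the 10-character one, and at the assumed rate the short one falls in under two centuries while the long one never will. If your long phrase is really a handful of common words, though, rate it by the second model, not the first.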
I have had some very strange and possibly self-incriminating passphrases. 😉
This is my recovery account for almost all other accounts.
Watch John Oliver’s interview with Edward Snowden. While funny, there is actually some good advice here.
Social Media Passwords:
I don't store much personal data on social media, so I change those passwords less frequently. My social media passwords are similar to each other but completely different from my key account phrase above. They are typically 10-12 characters.
Banking Passwords:
I use somewhat similar passphrases between my banking accounts. I change them every 30-45 days. Passphrases.. catch that. Not passwords.
Home Devices Passwords:
A couple of things here.. I change the root/default login on every device I plug into my network. I probably do not change those passwords often enough. And I don't let my kids know what they are, the damned computer geniuses.
Generally speaking, a simple but diligent approach to your passwords will go a long way toward keeping you out of the problem and protecting your information.
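One check worth running before you trust that you've caught every device: see which hosts on your own LAN still answer on telnet, the service the scanners behind last Friday's attack used to reach these gadgets. The Python below is an added example, not the author's tooling; the ports (23 and its common alternate 2323) and the `192.168.1.0/24` range in the usage comment are assumptions you should adjust to your network, and it should only ever be pointed at a network you own. It includes a tiny fake "device" on localhost so the scan can be exercised offline; anything it reports is a device whose login you need to change (or whose telnet you should turn off).

```python
import ipaddress
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Ports the IoT botnet scanners hammered: telnet and its usual alternate.
# Assumption: extend with 22 (SSH) or 80/443 (device web UIs) for your own LAN.
DEFAULT_PORTS = (23, 2323)


def port_is_open(host, port, timeout=0.5):
    """TCP connect check of one host:port. True if something accepts the connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def expand_targets(targets):
    """Turn a list of single IPs and/or CIDR blocks into individual host strings."""
    for spec in targets:
        net = ipaddress.ip_network(spec, strict=False)
        if net.num_addresses == 1:          # a bare address such as "192.168.1.20"
            yield str(net.network_address)
        else:                               # a block such as "192.168.1.0/24"
            for addr in net.hosts():
                yield str(addr)


def find_exposed(targets, ports=DEFAULT_PORTS, timeout=0.5, workers=64):
    """Return a sorted list of (host, port) pairs that accept a TCP connection.
    Scan only networks you own; this is the same probe an attacker's scanner makes."""
    jobs = [(host, port) for host in expand_targets(targets) for port in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda hp: (hp, port_is_open(hp[0], hp[1], timeout)), jobs)
    return sorted(hp for hp, is_open in results if is_open)


class FakeDevice:
    """Constructed stand-in for a gadget that shipped with telnet left on:
    a listener on 127.0.0.1 and a random free port, used only for the offline demo."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:          # listener closed; stop serving
                return
            conn.close()

    def close(self):
        self.sock.close()


def demo():
    """Offline demo: the fake device must show up, and only it."""
    device = FakeDevice()
    try:
        found = find_exposed(["127.0.0.1"], ports=(device.port,))
        return found == [("127.0.0.1", device.port)]
    finally:
        device.close()


if __name__ == "__main__":
    print("offline demo ok:", demo())
    # Real use on your own LAN (assumed range; adjust to yours):
    # print(find_exposed(["192.168.1.0/24"]))
```

The scan only tells you a port answers, not whether the default login still works; for each hit, log in yourself and confirm the credentials you set are the ones that get you in. A /24 with two ports is 508 connects, which the thread pool finishes in a few seconds on a LAN.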
Or go off the grid
The other option is to unplug – go off the grid.. Grow a big shaggy beard and talk about the silent black helicopters and aliens… But then you’d have to stand on your front porch and shout your angry political rants to the neighbors – or go visit them to show them what you are eating.
And no one wants to be that guy/girl.