Tablets: A Security Risk?


Do you own a Sony Playstation?

Are you worried about the recent hack?

Should you be?

Absolutely.

And when you are done worrying about your PSN account being hacked, then get ready for an even scarier thought.


Consider this quote from Tom’s Hardware blog:

Last year, a major security breach at RockYou.com resulted in the release of 32 million passwords. With such a large data set available, security firm Imperva Application Defense Center (ADC) analyzed and found that, when given the chance, most users will choose a simplistic password.

The most common password? Over 290 thousand users had the password “123456”. Almost 62 thousand used the password “password”.

I’m not a psychic (which would make me telepathetic), but I would guess that of the 70 million or so accounts on PSN, there were 70 million or so other online accounts that used the same password.

You know we all do it.  We create these “utility” passwords that we use in multiple online accounts.  Being human, we generally gravitate toward the path of least hassle – and hassle in this case is remembering multiple passwords.

As we move toward tablet and mobility computing, many of those wonderful apps we download require us to create accounts. I’m guessing that many people reading this will use the same password for all of the accounts they use, as well as those apps we quit using. As a CIO who allows tablets and mobile devices on my network (ala bring your own technology), this IS an issue to address.

Sony’s recent unpleasantness is a great reminder to review our password policies, as well as an opportunity to educate our users around privacy and protection.

Let’s start with passwords.  Simply Google (or Bing) “creating easy to remember secure passwords” and you’ll see a number of bloggers and sites that provide great ways to create strong passwords that you will actually remember but are really hard to guess.   My very favourite advice article is from LifeHacker – Geek to Live:  Choose (and remember) great passwords.

Secondly, as you create these online accounts, use a utility account from Live.com, GMail, etc.  NEVER use your work email or personal email account.  If the hackers get your email and password (as in Sony’s case) then the problem is isolated.
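As an added example that is not from the post, the following Python script does the two things the paragraphs above talk about: it ranks a breached dump’s most common passwords the way the Imperva study did, and it checks whether a password leaked from a third-party site also opens the same person’s work account, which is the reuse exposure a CIO would want to know about. Every address, password and the PBKDF2 parameters are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed (email, plaintext password) pairs in the shape of the RockYou
# dump the post cites; every address and password here is made up.
BREACH_DUMP = [
    ("alice@example.com", "123456"),
    ("bob@example.com", "password"),
    ("carol@example.com", "123456"),
    ("dave@example.com", "Tr0ub4dor&3"),
    ("erin@example.com", "123456"),
    ("frank@example.com", "password"),
]
ITERATIONS = 100_000  # PBKDF2 work factor: an assumption, not a page value

def store_password(password, salt=None):
    """(salt, PBKDF2 hash) as a work directory would keep it; no plaintext is stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, record):
    """Constant-time check of a candidate password against a stored record."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def top_passwords(dump, n=3):
    """Most common leaked passwords with the share of accounts using each."""
    counts = Counter(pw for _, pw in dump)
    return [(pw, c, c / len(dump)) for pw, c in counts.most_common(n)]

def reuse_exposure(dump, directory):
    """Emails whose leaked third-party password also opens their work account.
    directory maps email -> (salt, hash) of the current work password."""
    exposed = set()
    for email, leaked in dump:
        record = directory.get(email)
        if record is not None and verify_password(leaked, record):
            exposed.add(email)
    return sorted(exposed)

# Constructed work directory: bob and dave reused their leaked password, carol did not.
WORK_DIRECTORY = {
    "bob@example.com": store_password("password"),
    "carol@example.com": store_password("unrelated work passphrase"),
    "dave@example.com": store_password("Tr0ub4dor&3"),
}
```

Running `reuse_exposure(BREACH_DUMP, WORK_DIRECTORY)` returns the accounts to force a reset on, without the directory ever holding plaintext.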

So why would I take the time and space to blog to a bunch of IT professionals about such rudimentary security issues?  There’s the old maxim about the Plumber’s pipes, the Mechanic’s car, etc. being neglected and in disrepair since s/he was busy fixing everyone else’s problems.

Let’s hope they don’t start a maxim about the CIO’s network security.


While I'm currently the CIO for Appleby College in Oakville (the best IT job in Canada), I've had a great ride in a number of positions in various locations. I've led a team of more than 100 staff at Sheridan supporting a constituency of 50,000 users, I've been part of the founding team building a brand new medical school in Northern Ontario based completely around distributed education, I've started 3 companies, consulted internationally, drove my gorgeous wife crazy moving around all over, raised 2-1/2 great kids (I'll round it up when the final one leaves home), and occasionally scratch the ear of our butt ugly dog. My craft is not IT, but building IT organizations that support challenging and new ways to do things. I am utterly convinced that we as IT leadership need to dramatically change how IT is delivered, before we get relegated to a costly overhead department. In the midst of all this fun, I've had the distinction of being awarded the inaugural 2010 IT Leader of the Year (SME) Award from Computerworld Canada for my work at Appleby College. I'm humbled by the honor and thankful that some of my ideas actually make sense to someone.


  • http://whyhire.me/ron_van_holst Ron Van Holst

    This is an excellent and important post Kevin.

    This is why many enterprises not only ask for a strong password on employee accounts, but also that the password is changed on a frequent basis. There is a great deal of improvement that should be made in the area of security. Passwords are so 60’s.

    What about biometrics? Most laptops have a microphone and camera, and a front facing camera is becoming the norm for smartphones as well. With this you could have a two factor biometric security, voice print and facial recognition. Single factor metrics can be failure prone, but when you add multiple factors the false positives and false negatives should be minimized. There’s no reason you couldn’t include an iris scan if users were willing to come a little closer to the camera.

    Another area for improvement is in federated identity management. Where one online identity and password works for many services. Many new services already allow you to log in with other ID, say your Twitter ID or Facebook ID, or Windows Live ID. Of course, these systems are also vulnerable to attack, but if you could just have one online ID, you could change it frequently.

  • http://turningtechinvisible.blogspot.com Kevin Pashuk

    I’m with you Ron,

    As for biometrics, I try to use them if available, but sometimes it really is quicker to type in the password rather than waiting for the fingerprint reader to wake up.

    Facial recognition… A couple of years ago Lenovo released a netbook (S10e) that used facial recognition. It had a “Way Cool!” factor but could be beaten by showing it a photo of your face you took with your smartphone.

    I know there is technology that is much more robust to prevent this, but it has to be inexpensive enough to implement in the smartphones, netbooks, tablets, and whatever device they are dreaming of next.

    So get busy my engineering friends…

  • http://www.concon.com Don Sheppard

    If I used a different password for every time I needed a password, and if I went in and changed them all as often as some companies’ internal systems require, I would probably do nothing other than password management. And that’s if I even remember some of the applications that I seldom to never use (especially on the smartphone).
    I cannot imagine the average person having the slightest interest in putting in this kind of effort!