28 March 2007

Keeping your data secure online

There is a growing trend among Web 2.0 sites of asking you to enter a username and password for some other site in order to perform an action. Two recent examples of this I've come across are Technorati, which asks for your Blogger username and password in order to verify you own a particular blog, and Facebook, which asks for your e-mail account username and password in order to match your contact list against existing Facebook members.

As an IT professional I'm naturally skeptical of any such demand, and in the case of Technorati chose to verify my blog ownership in a different way. Terms and Conditions and Data Protection declarations are one thing, but you've no guarantee your details won't be stored in a database, and if they are, there's all the more chance they may at some point fall into the wrong hands. The only way to be sure is not to type them in in the first place.

A Blogger user account is one thing but Facebook asks for something totally different. I wonder how many people actually consider what data is stored in their e-mail inbox before they submit their details with the promise of being shown how many of their friends are already signed up.

When you sign up to the majority of sites you're e-mailed a confirmation containing all your details, including things like home and work addresses, phone numbers, date of birth, passwords and perhaps the most crucial of all, answers to secret questions e.g. mother's maiden name. If some unscrupulous person gets hold of your e-mail account password it will likely take them little effort to steal your identity, empty your bank accounts and max out your credit cards.

This article from the BBC, "Many net users 'not safety-aware'", serves to reaffirm the point that a large number of net users simply do not think before typing their sensitive information into random websites.

1 comment:

Michael James said...

Indeed so, security has to be thought about. I was discussing the other day with people how much information I store with Google: email, photos, documents and spreadsheets (none of these documents contain sensitive information), as well as notebook etc.

It's scary how much information they hold. In terms of logon information, I believe this is where OpenID is the future. Instead of every Tom, Dick and Harry wanting my information, they just use the OpenID protocol, where all my information is held securely and transmitted securely. Also, there is a far greater chance that I will actually remember my logon information.

Of course, the other side of the coin with OpenID is that if someone cracks your account they have access to all your accounts. This is where some kind of extra level of security needs adding, but I'm not an expert in such areas.