Secure Online Accounts

Now is the best time to log into and secure online accounts you have open across all the social and web based sites. How many of us have opened accounts with web based services to accomplish one task and then never return… well, for a really long time… then one day you decide to go log into one of those ancient sites to see what information is out there on (sorry to pick on you) Friendster. Yep, you still have that account out there. But you've gone through one desktop and two laptop computers since you last logged in and you have no idea what the username and password are. Hmmm

Well, you're in luck! They have a password reset option! They'll send you a password link to your (this happened to me last week) Comcast email account – because that was your primary account when you joined Friendster. But you haven't been a Comcast subscriber for over two years.

Don't worry… they've instituted Security Questions! The problem is, you haven't logged in for so long, you never set up the security questions. Sounds pretty hopeless.

This is exactly why now is the time to log into and secure online accounts… at least the ones you use on a regular basis. I'll get to some strategies for getting back into those really old Blogger or Friendster accounts.

Scenario 1

Here's my situation: I set up a Blogger.com blog about 5 years ago using one of my domain names in front of "blogger.com". Now I want to use that domain name for something completely different. So I'd rather have those old blog posts disappear. But Blogger was absorbed by Google, and my Google login is not associated with that old domainname.blogger.com account… only my Comcast email address. I lost access to that email account when we moved into a rural area where Comcast has no service. I can fix the situation by finding someone who still is a Comcast subscriber and convince them to add my old address (if it's still available) to their account with a password I make up. Then I can "log in" to my old email address and go back to Blogger.com and request a password reset. Sound like a pain in the you-know-what? Childsplay… check out Scenario 2

Scenario 2

You're out playing an online game that's supported by ads that run in the right side bar. They aren't too intrusive, and hey… you and everyone else gets to play for $0.00 But one evening just as you're about to beat one of your best opponents, one of the ads delivered through the ad stream has some malicious code. The malicious code delivers a pop out warning dialog right in the middle of the screen… right where you need to click on the game controls… you find the "X" in the upper right corner of the pop up and click it without loosing concentration on your game. In the background, the malicious code executes itself and installs scripts that locate all passwords stored in your browser cache and immediately log into Yahoo, Google, MSN, and Facebook… copying all your contacts and sending them an email titled "You've got to see this video" with a link in the body that looks like a YouTube link, but which actually downloads the malicious scripts. It doesn't stop there… while logged into your online accounts, it automatically changes your password and sets up password security question/answer combinations (which were unset before). It adds its own secondary email address as a backup, because the secondary email was not configured either.

You start getting chat messages from your friends on Facebook that say: "WTF Dude! You are sending me this virus crap on Facebook and email. Better clean up your profile." Shutting down your computer will fix nothing. You need to get back into all the accounts and change your passwords, but the automated scripts have already changed them for you and locked you out. Ever tried to call tech support for Google or Yahoo? Yahoo is a lot easier to get ahold of.

What to do – Securing Online Profile Login Accounts

It's a mess… so this is why I say to you that now is the best time to log into and secure online accounts you have open across the web. So, what do you need to do to secure your online accounts? For the sake of this article, I'll limit my recommendations to non-financial institution, or government, or work related accounts… I'll speak only in terms of Web based accounts you may have opened for email, social networking, or other information search sites: (think Gmail, Twitter, LinkedIn, Yahoo, etc.)

A Secondary Email Address

When you go into the account settings on just about every account you have, there is a place for you to put your email address. This is how the company will communicate with you. There's also a place for a secondary account… they've realized that sometimes we stop working for the company, or subscribing to the service (Comcast), close the primary email account, or get hacked. So the secondary email is another way to confirm that it was really you that asked to change the password and security questions this evening. Here's a sample email I received from Yahoo!:

New secret questions were added to your Yahoo! account ?(xyz******)?.
To ensure that your account information remains accurate and secure we notify you whenever this information changes.
This change request was made on January 20, 2013 at 12:01pm PST.
If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to make changes:
https://edit.yahoo.com/forgot?stage…

This message goes to both my primary and secondary email accounts, and hopefully the secondary has not been hacked too. That link at the bottom allows me to cancel the change and restore the account to the way it was before.

A Security Question/Answer Combination

These sites also allow you to set up a security question that presumably only you know the answer to… this makes it a lot more convenient to just reset your password without having to go log into your email to validate that you are really who you say you are – You. A word of advice. Most of them include "Your Mother's Maiden Name" – I would caution against picking this one. Your bank asked you this when you opened your account and they use it as one of several personal questions to identify you. Look for a question that isn't so sensitive: Your first car, The last high school you attended, Your favorite teacher's name, Favorite movie, etc.

Scenario 3

Let's say you have a hard time remembering your password from one site to another. You usually get three tries and then your account is locked out until the company opens up again Monday morning EST. You try password 1, nope. Oh yeah… now you remember.. now it's: "xyz…" – Wrong Again. Last try…

Stop here and click the link that says: "I forgot my password". It will take you to the screen that lets you choose between answering the security question you chose, or send you an email with a link to reset your password. Now the choice is up to you.

That's easy!