Ok this post is an easy one, but I worry it may not sink in. Either way, here goes:
Use. A. Different. Password. For. Every. Website. You. Sign. Up. To.
The ONLY exception is for sites where you don’t mind if someone hacks into multiple accounts. For example, for some random forums I frequent, I use the same credentials and I really don’t care if they get hacked; there is nothing personal on them.
For everything else, USE DIFFERENT PASSWORDS! There are so many sites being hacked successfully these days that this should no longer be “advice” and should instead be considered “compulsory learning in order to be allowed on the Internet”.
And before you worry about how, here’s the answer: use a formula. This way you don’t have to remember a single password but can instantly figure out a particular site’s password, for example:
“Day of birthday + 1st 3 letters of website URL + last two letters of surname + number of letters in URL/surname etc”
You get the idea. Make sure it has a few numbers in it and isn’t completely predictable. You are not really at risk from people ‘guessing’ your password, but more from those who steal one site’s catalogue of login details and then spam all other sites trying to log in with them.
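The formula above, written out as an added example (not code from the original post), with a check for sites that the formula maps to the same password, which would bring back the reuse the post warns against. The birthday day, the surname, the zero-padding, the choice of site-name length as the final number, and the `.example` forum names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample inputs (assumptions, not from the post).
SAMPLE_SITES = [
    "https://www.netflix.com/",
    "facebook.com",
    "forumone.example",
    "forumtwo.example",
]


def site_name(url: str) -> str:
    """Return the label the formula works on, e.g. 'netflix' for www.netflix.com.

    Assumption: it is the first hostname label after any leading 'www.'.
    """
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    return host.split(".")[0].lower()


def formula_password(url: str, birth_day: int, surname: str) -> str:
    """Day of birthday + first 3 letters of site + last 2 of surname + site length."""
    name = site_name(url)
    if len(name) < 3 or len(surname) < 2:
        raise ValueError("need a site name of 3+ letters and a surname of 2+ letters")
    return f"{birth_day:02d}{name[:3]}{surname[-2:].lower()}{len(name)}"


def find_collisions(urls, birth_day: int, surname: str) -> dict:
    """Group different sites that the formula maps to the same password."""
    groups = defaultdict(list)
    for url in urls:
        groups[formula_password(url, birth_day, surname)].append(site_name(url))
    return {pw: names for pw, names in groups.items() if len(set(names)) > 1}


if __name__ == "__main__":
    for site in SAMPLE_SITES:
        print(site_name(site), formula_password(site, 7, "Example"))
    # Sites sharing their first three letters and length end up with one password.
    print("collisions:", find_collisions(SAMPLE_SITES, 7, "Example"))
```

Run the collision check over your own list of sites before settling on a formula; adding another site-dependent component (such as the last letter of the site name) separates the two forums here.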
You’ve probably heard of Zynga, or at least one of their products. They are the proud creators of Farmville, once the 3rd most popular game on Facebook, with over 200 million monthly active users of their freemium games. In December 2011 they went public, raising about $1bn.
It seems like a story of success, but a few things indicate that Zynga are in the process of diversifying both their products and their revenue streams.
Upon opening the Netflix UK website to sign up for the 1 month free trial, I see this:
Note that I had not yet logged in via Facebook at this point, but Netflix was already showing me my Facebook friends who are already using Netflix. My question is, how? Surely a website can’t just access your Facebook data without authorisation, and if it can, what else is it able to access?
A quick test showed that when signing out of Facebook, the Netflix page stopped giving me personalised results, but I checked the Facebook App Security page and Netflix was not listed, i.e. I had not previously authorised it in some capacity. This was a website I had never provided any information to before that was accessing my Facebook details.
I’m pretty dubious about this and would love to understand what is going on here.