I’ve had my own PC since 1990 (used one since ’87, leading the SEVENTHFLEET to do stuff different—we literally bought a bunch of IBM clones in Hong Kong) and have been on the Internet since 1992. That’s 23 years. My first modem connection was via a CompuServe account that came with a heavy manual and everything was via Command Line. Don’t know what that is? You have an app on your computer even now: be it PC, Mac, Linux, Unix—or whatever OS—where you can use just text commands (DOS guys remember…and I knew a guy who installed Windows 95, but still did everything DOS command line in an open CL window).
…I was actually a Rush Limbaugh fan in 1992, and once exchanged a couple of CompuServe “emails” with him. Prodigy and AOL apps (I had both, too) really brought the Internet to the ignorant mainstream by making it fairly easy with the first GUI apps. CompuServe soon followed with their own GUI for Windows 3.0.
That introduction out of the way, I have never once had a single account hacked, not a single web-based service…be it a bank, trading account, or this blog. Why? Because I’m neither ignorant, nor a moron. Guess what else. I use the same password everywhere. It’s 8 characters. Try to guess it. It used to be only six—four small case letters, two numbers, but too many places began having password minimum requirements, so I had to change it in order to not be constantly annoyed with internet security-paternalism all the time, for the sake of the inept.
A huge percentage of the Internet world is being needlessly scared to death over an ever increasing barrage of new “measures” in order to log into your own shit. It’s reaching diminishing returns for me. I might soon have to go back to a simple checkbook and paper bank statements.
Let’s put this in perspective. We’re talking about people so woefully ignorant in some cases, that they’ll break into a cold sweat over putting a credit card number into fields of a website (I’ve done it thousands of times, no problem ever—because I only do so on trusted sites I haven’t gone to from a link in email); but a dozen times per week or more, they hand their credit card to someone making six bucks per hour in some establishment.
What do you think is more likely for someone getting your credit card number and using it like a thief? Russian or Chinese hackers putting brute force computing worth thousands of dollars to hack your passwords; or, Jenny, that “nice” waitress? Actually, it’s probably neither. And, even those highly publicized hacks of big companies getting millions of CC numbers scraped pale in risk to you handing your CC to someone who takes it out of your sight (most restaurants) where they can not only get the number and expiration, but the code on the back (where billing address is still going to be an issue, so not really that viable, either). …In Europe, they’ve had chips in credit cards since I first went there in 1989. I felt like a poor stepchild, in 1990—25 years ago—having to always sign, rather than enter a pin in their wireless swipers waiters would bring to your table.
Here’s what you’re not being told: It’s You!
The very vast majority of “hacks” aren’t hacks at all. They’re run of the mill “confidence schemes.” Old as the hills, now on a diet of Red Bull when it comes to the Internet.
To boil it down for you: 99% of the time someone gets into your stuff, it’s because you gave them your login or otherwise opened the door and invited them in. And, because of your utter ignorance, people like me now, increasingly, can’t even count on accessing our shit with username, password, or even a security question of where we first stopped beating our wife.
No, now we also have to be near a phone we’ve previously registered, where we can get a pin either by text or voice, and enter that. Good luck if you’re somewhere without cell service for your carrier.
These annoying measures are all touted as “for your convenience.” You know, “for your shopping convenience, the store is now closed.” In fact, what the companies don’t really want to tell you is that you’re probably too stupid to be on the Internet.
You believe everything you read; and so, you get an email that looks exactly like it’s from your bank, PayPal, or whoever. It contains—deliciously ironic—a dire warning about your account security, and you’re supposed to click this link and go to your account to receive an important message, change your password…or receive a free-gift redundancy. When you do, it will look just like the login page you would expect—assuming you actually have a critical brain cell expecting anything in particular. Adding insult: As soon as your account then gets hacked, you’ll chalk it up to them, not you. It’s beautiful.
…That’s how they get your logins, silly people. It’s called phishing. Thing is, it’s so easy to know every single phish that comes your way. Look at the from address. Look at the link address. This is kindergarten, “don’t talk to strangers” stuff, yet millions of you belly up to the bar every year and ruin it for the smart people.
And you still believe you’re being victimized (your ignorance and willingness to believe—like you were taught to believe in sky fairies—is at root), and that these companies are looking out for you (they’re socializing the burden of your ignorance to reduce costs).
It’s very simple: if nobody ever went to a login page from a link in an email, without exception, Internet security would be as simple as a username and short password and almost no problems would ever happen.
…This post was motivated by a kind of phishing I hadn’t seen before. I got an email from a guy who wants to advertise on the blog, but in the form of a sponsored page with unique URL. $200 per month. I reply: Send me the html (simple text code that’s easy to verify). He emails a PHP file (code that, unless you know PHP—I can rudimentarily futz with it in some contexts—could do a lot of nasty stuff to your site).
The point is, all of this security stuff is bullshit and annoying, and you don’t even need particularly complex passwords, or even different ones for everything: “Why you don’t need long, complex passwords.” Here’s the super-geek version that goes into maths.
What you need to do is understand that your ignorance and willingness to trust, and believe everything that hits your eyeballs is the root cause of all of this. Stop blaming it on others.
I would want to go back to a simple, absolute username and password. To sign up, you have to agree that the service “is not responsible for items you leave laying around.” Then, let fools and their money be soon parted. Darwinian.
After all, con artists, like lots of predators, serve a vital role in society. Ask any atheist.