Dodged a Bullet
It’s time to ‘fess up: I’ve been putting off that thing I had been meaning to do for too long. As a consequence I woke up yesterday to find my Amazon account had been hacked.
So instead of spending the day writing I started by cancelling my credit card, talking to Amazon, and then doing my high-tech version of bolting the stable door after the horse had gone – moving all my passwords over to a secure password manager. In my case, LastPass.
I’m not a security expert but I am tech-savvy. I’ve been working in IT for 30+ years, I try to be cautious online and I don’t feel I’m complacent about the risks. Even so, it wasn’t enough, they got me. The Bastards.
The thing is, I knew it. I’ve learned with my writing not to ignore the little voice in my head that says ‘You can’t get away with that’ about some aspect of the story. I had a similar voice about this. ‘Oh, I’ll get around to it,’ was my invariable response. Not only should I not have ignored it, I knew it too.
People – don’t ignore this. Make a start now. It’s a mild pain to go through the process, but once you’re done it’s done. In the end it is a change of behaviour and it will help keep you safe online.
I browsed reviews on tech sites for an hour and then picked LastPass. Dashlane is also an excellent choice. Both operate the freemium model; the Dashlane Pro version is more expensive.
There are also several other well-reviewed and highly rated password managers. Most work on the popular browsers and operating systems. Here’s a review and comparison of LastPass & Dashlane, including a feature chart of other products.
LastPass is reasonably easy to use. It does tend to accumulate duplicates of sites where you have changed a password, but that’s easy to spot and manage. On Firefox I noticed a ‘feature’ where your list of sites blanks and you have to log out/in again; also not really a big problem.
Password managers work transparently for most sites; once you’re set up they log you in without keystrokes. LastPass can run a password strength audit, and will generate secure long random passwords for you too. (You can view these if you need to.) Sites that ask for characters selected from a keyword or similar will still need some action from you, however.
In the end for me – no harm done, just some stress, worry, and wasted time and inconvenience. It’s a pain to be without a credit card for a week, but the bank was immediately helpful. Amazon were also great – they froze my account, reversed the transactions the hacker had made, and returned the account to me all within the day. Once I had my account back I set up a secure password and deleted the credit card info on the account.
The only thing that was hard was finding out how to contact Amazon without an active account. All the contact info is behind the account login wall. A quick Google for ‘Amazon telephone’ returned 0800 279 7234 though obviously that may change with time.
So, lesson learned. People, please learn from my mistakes and make a start now. Today if possible. Right now. Then, like Jimmy in my flash piece below, you’ll get away with it.
~
Jimmy Checks Out
Pow!
He’d caught a bullet.
Snatch! Just like that.
He’d seen it coming he told them later. He’d snatched that motherfucker right out of the air. Burned his palm but that was OK. Anyways, it wasn’t a real bullet, it was a copy. Nice one, too.
How did Jimmy know? He knew because you couldn’t do that with real bullets. You couldn’t catch ‘em.
Jimmy flipped the bullet, caught it, and slipped it into his pocket. Guy who fired it wouldn’t mind. Guy like that, he’d have a whole bunch of bullets. He could spare a few.
And now of course I’ve had to change it, because I’ve announced to the world that it was a soft and floppy password.
I can relate to this. I moved over to 1Password a while ago and am not sorry, but need to change my Paypal password. It’s the last memorable password I used and some part of me is reluctant to change it.
What was the little voice saying in your head and why? What was the alarm that you ignored?