Sunday, April 25, 2021

I am closing my old unused online accounts

If you do not manage it, you do not own it.

For some reason, I registered a lot of online accounts in the old days, on many websites, and sometimes many accounts on the same website. As the total number increased, it eventually became impossible for me to check through all of them frequently.

The lack of maintenance could lead to severe security problems.

  1. The online accounts that I created earlier are more likely to have weaker security settings, like passwords and security questions. At the same time, without frequent checkups, many security settings expire, like recovery emails and phone numbers; some credentials may simply get lost, like answers to the security questions. This means that I may be locked out of my own accounts indefinitely, unable to improve the accounts' security.
  2. Data breaches are happening way more frequently than I assumed in the old days. Once the databases are dumped, weak passwords are highly vulnerable and will eventually get cracked, and then the accounts will be compromised. Do not underestimate this chance. In the past 5 years, 2 of my major online accounts were hacked. Those accounts were associated with email boxes, which contained a lot of personal data. In order to regain access to those accounts, I had to contact their online customer service and upload even more sensitive personal data to prove my account ownership. If this uploaded data is not handled appropriately by the websites, it could lead to bigger security issues in the future.
  3. Attackers are much more capable than us. They know the vulnerabilities of online services and can get access to our accounts much more easily than we can. While a piece of missing security information can lock me out of my own accounts, the attackers might leverage exploits to circumvent the security checks and claim ownership of my accounts. In the most recent hack, the attackers seemed to have leveraged an obsolete and insecure security path, which allowed them to override my recovery phone number without triggering even a single alert that was supposed to be delivered to my old number.

The lesson is: close unused online accounts while you still can, especially if they contain sensitive personal data, like past email conversations. Depending on the security implementation of the websites, this might not make your data completely secure, but it is supposed to be more secure than if you do not do anything.

This is not a simple task for me due to the amount of data that needs to be migrated, but I have added it to my TODOs.
