The #1 Reason People’s Accounts Get Compromised Is…

by on Oct 22, 2009 | 0 comments

In the context of this article, "account" refers to anything on the internet that requires a username and password in order to access it, such as a web-based email account, instant messenger account, and so on.

There’s an old word (if you could call it that) that’s been used time and time again in thousands of different I.T. departments across the world, and that word is PEBKAC, pronounced "pebb-kack." It stands for, "Problem Exists Between Keyboard and Chair."

PEBKAC accurately states the #1 reason why people get their account(s) compromised, that being end user stupidity and/or lack of knowledge.

Here are some classic examples of PEBKAC:

"My husband/wife and I use the same email account because it’s more convenient."

Not good. One of you is going to inevitably make a major error that will lead to you losing the email account in some way. It doesn’t matter how long you’ve gotten away with it to this point, nor does it matter how much you trust each other. One of you will screw up, probably very innocently with no bad intentions whatsoever. And when it happens (and it will,) bye-bye email account.

Email accounts should only be used per individual. Shared accounts is just a bad, bad idea because there are way too many things that can go wrong just from normal use.

"I use the same password for my email as I do for my online banking account, because remembering passwords is just too hard."

Dumb. This means if one of your accounts is compromised, so are the others. Why? Because you probably use the same username as you do password for all your accounts.

Solution to problem: Use KeePass.

"I keep my account information in a Notepad text file on my desktop."

Not smart. Okay, so you’ve got the right idea to at least keep track of your accounts, but in the worst possible way. Anybody who goes in front of your computer can open the file up as its in plain sight. And even if you’re the only one who uses your PC, if your hard drive crashes, your account info is gone.

Again, KeePass it. Store the database on a USB stick. It’s encrypted.

Here’s a few other ill-advised methods for your consideration:

  • Using the browser to store all username/password information. Bad because anybody who uses your PC has access to everything, and I guarantee you’re not backing up your credential information.
  • Using a browser bookmark synchronization service to store all username/password information. Also bad. The bookmarks supplied with account credentials are still on your local drive. You’re at least backing up your stuff, but are still poising your account information to be compromised from the locally cached copy.
  • Setting site preferences to keep you logged in for more than 24 hours. Thankfully, online banking prohibits this – even down to an auto-logout after 10 minutes of inactivity. But other web sites do not do this. There are some (like Gmail for example,) that have a small checkbox that state to keep you logged in. I strongly recommend against using features like this, because I guarantee you’re never clicking the "log out" link but rather just closing the browser. This means somebody else can simply walk up to your PC, open the browser, go into the history to see where you’ve been, then have complete full access to whatever you were signed into just by clicking a few links. It’s all right there.

If you exercise basic common sense when it comes to your account information, the chances of your accounts getting compromised decreases dramatically.

I’m not saying to get all paranoid and lock down your PC like Fort Knox. What I am saying is that you should be aware of the simple ways (as outlined above) not-so honest people can get to your information.

By individualizing account credentials, using an external means of account information storage and routinely clearing your browser history, these simple steps add a rather good level of protection. No, it will not protect you from all means of ways an account can be compromised, but it’s a really good start.

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: