For the last few weeks we’ve been discussing spring cleaning your electronic footprint. We’ve suggested good habits to get into with your digital devices. You can probably sense a key concept in these articles that is ‘data minimization’. If you don’t need it, get rid of it. The same is true for accounts of systems you haven’t used in a while and aren’t planning to use in the foreseeable future. Unused accounts are a risk to you simply because they are unmonitored by you and contain information about you. This brings up another important topic, passwords. These unused accounts are hopefully at least password protected and after reading the articles on this website, everyone knows you don’t use the same password across multiple sites.
Here’s the first active exercise you can try while you finish reading this article. Use Identity Finder at campus and at home and set it to search for passwords. This is a great way to find passwords stored unsafely on your system. If Identity Finder can find it, then it’s not protected. If you find you have a lot of passwords you cannot dispose of for whatever reason, consider using a password manager for your personal system(s). There are many out there, LastPass, KeePass, Dashlane, and others. Just ensure you utilize a paid subscription and that you obtain the software through safe means and a reputable site. There are many bad sites and many more bad actors who have manipulated the software to allow themselves backdoor access to your password lockers. Be safe and read the reviews.
Passwords themselves are relatively easy to crack which is why industry is trying to move away from this pillar of security, the password. A good hacker can crack an entire enterprise of passwords in mere minutes. This is why we ask you not share passwords, change them often and remove unused, unnecessary accounts. On a daily basis many IT folk find their systems and personnel accounts on websites such as Pastebin and Leakforums. Because of safe practices, usually this data is no longer valid by the time it’s posted there, all the same the IT admins inspect this data to be sure.
Much like the IT Admins, you too can scour the web for forgotten or neglected accounts. Use search engines and search for yourself. Use variations of first and last name, with and without your middle name. Search your address both for work and home. Search sites you used to frequent. Remove the old accounts, especially social media accounts. Did you ever have a MySpace page, maybe it’s time to remove that account. Remember to review the privacy settings and change them if possible to keep the information flowing to only those you wish to see that data. Privacy features change on websites all the time, so review them often. If you can’t delete the account, perhaps you can change it to an account that is only viewable by you. Another tip is use multiple search engines. This is the second exercise you can do while reading this article. Google, Bing, Yahoo, and Dogpile yourself. If you want to review a list of potential sites, you can try visiting justdelete.me. This site contains links to popular sites removal pages, to make it easier to reduce your digital footprint.
One last note, worthy of mention, is cleaning your browser cache. Are you the person who has the browser save your passwords so the next time you have to visit the site, you log in automatically? Be careful there, if your computer becomes pwned, owned by the bad guys, then so is that password. Best not to use this practice and simply type it in yourself when necessary, or use a password manager. If you want to clean your browser cache, Identity Finder has a nice tool you can use called System Cleanup, check off everything available in that tool and let it run. Your next scan will go much faster and your digital footprint will be more secure. If you have any questions about any of these suggestions please check with your local campus ISO.