Do Americans Deserve To Be Hacked?

You have to be living beneath a rock -- which is just another way to say you must not be an Internet user -- to not have heard of all the major consumer website hackings as of late. In recent weeks, major sites such as LinkedIn, Twitter, Yahoo, Gmail, and more have all been hacked, compromising millions of users' passwords and the data these were intended to protect.

Indeed, a Harris poll released today shows that in the wake of all these headlines, 3 of 5 U.S. adults who are online say they feel that they might be vulnerable to being hacked for their online accounts.

So there's awareness. But in spite of this, 62 percent of online adults reuse the exact same password for more than one of their online accounts. (Oddly enough, the number is even higher -- 69 percent -- among people who actively fear being hacked.) Reusing the same password(s) over and over again means that one hack is likely to compromise all your data online, across all your web accounts.

This kind of risky behavior is all too common, even among folks who are supposed to know better. Just this week, Dropbox, entrusted by millions to store important files and data, admitted they had suffered a security breach caused by both users and their own employees using the same passwords for multiple web accounts.

So this begs the question: Do Americans deserve to get hacked? Our behavior seems like we're only too happy to invite hackers in. Here, take all my payment information! And my address, while you're at it. This key conveniently opens all my locks!

This seemingly irrational behavior makes it seem that we want to be hacked, but one other poll result gave me pause. While 48 percent of online adults are concerned or extremely concerned that websites store records of their credit card information and other personal data online, a near-equivalent number (45 percent) say they are not sure of the best way to keep their online passwords and personal data safe.

So it seems that somewhere along the way to the web revolution, most people simply have never heard the basics about protecting their online data. Here are my two super fundamental rules to being safe online:

  1. Use super-secure, unique passwords for every web account.
  • Don't store your data -- be it credit cards, addresses or passwords -- on any website or browser if you can help it.
  • And lest this sound incredibly impractical, there are services out there designed specifically so no web user ever has to make the choice between convenience and security. For starters, use a password manager -- you'll never have to remember or even generate a password yourself again.

    Next, store your sensitive personal data, like addresses, ID numbers, and payment info in a password-protected locally-encrypted format, which will ensure only you can see it. This means saying goodbye to storing info on Dropbox, Google Docs, Microsoft Word, and yes, even an "encrypted" Excel file. These are not actually private and secure. If you pick a high-end password manager, it should also be able to store all these kinds of personal data, allowing for intelligent, automated form-filling so you never even have to retype this info again.

    It takes only a few minutes to upgrade all your passwords and web accounts; same for removing credit cards from different websites. And once you're done, you'll never have to think about it again -- except maybe to marvel at how much risk you've removed from your online life.

    Correction: An earlier version of this post incorrectly listed AOL as a site that had been hacked.