Wireless communications as predicted 113 years ago! (click to embiggen)People are sharing this article that Consumer Reports printed last week, and I think it’s worth sharing. The upside is that of the services they list, the link does indeed take you right to the Delete Account page. The downside is if you don’t remember your old login credentials you may not be able to delete the account. Especially if you no longer have access to the email account (if any) associated with the social media account.
Old accounts like this are a long term security risk for a few reasons. If you’re like millions of others, there has been a time when you were using the same (or substantially similar) passwords for lots of services, so a data breach at a service like that gives hackers database with thousands of people’s username and password pairs that will work at other sites. The bigger issue as that these accounts often have information that can be used to confirm your identity somewhere.
Those “recover your password” security questions, like first car or mother’s maiden name or name of first elementary school teacher. I had one friend once dismiss a big data breach someone by saying, “I don’t give true answers to those question. I have a set of fake answers that I use everywhere instead.” It took me explaining to him a few minutes before he realized that having the same answers to those questions everywhere meant that learning the fake answers from one site gave other people access to his accounts elsewhere. It doesn’t matter if the answers to the personal security questions are true, just whether they match the answers you’ve give before.
In theory, deleting old accounts should remove all of that kinds of information at the service in question. So, this article may be useful to more than a few of you:
Image from a 1944 US Navy Training Film.In case you haven’t heard, the owners of LiveJournal have been moving the servers to Russia. A Russian company bought LiveJournal many years ago (because in those areas formerly part of the Soviet Union, blogging means writing on LiveJournal), but had left the servers in the U.S, which means that your data on those servers was covered by U.S. law. That is no longer the case. I know lots of people abandoned LiveJournal ages ago, but I still cross-post my blog there, and it is still the case that at least two long-term friends always read my posts by clicking over from LiveJournal. During the first couple of years that I was hosting my blog here at my own domain (FontFolly.Net), about half of the clicks to my blog each day were referred from LiveJournal.
I also want to point out that at least one prominent sci fi writer (George R.R. Martin) still does all of his blogging and otherwise communicating with fans over the internet through his LiveJournal. I know of several others who have domains of their own who still cross post to their LiveJournals, as well.
A lot of people are archiving their LJ posts so as not to lose those years of journaling. Since the owners have also removed HTTPS security on everything but the payment page your LJ password is slightly less secure. There are ways to mitigate that, but if you have a LiveJournal account you ever log into, you should make sure that the password used there isn’t used anywhere else. I’ve used a password manager for years, but not everyone does that. I highly recommend 1Password which is available for PC, Mac, iOS, and Android. I have friends who use and swear by LastPass. Both get stellar reviews.
Anyway, years ago (after the debacle where the previous LJ owners conspired with or were duped by some rightwing anti-gay groups into deleting hundreds of journals for bogus reasons; never mind that when it was brought to light LJ restored the journals and claimed it was all a misunderstanding) I migrated all my LiveJournal entries to DreamWidth, which is a much smaller company and doesn’t have an image hosting service. And now my actual blog is hosted at FontFolly.Net, with cross-posting to Dreamwidth, LiveJournal, and Tumblr. And I babble on Twitter.
Since I’m not the sort of person that the Russian government is out to shutdown, I think the main danger to me of the move of the LJ servers to Russian soil is that eventually the owners of LJ will decide that the U.S. journals aren’t generating enough revenue to justify keeping them. We’ll all get deleted at some point and I’ll lose contact with some people who only know me from there. So if you are someone who likes reading my rambles and rants and such, follow me on DreamWidth, at FontFolly.Net and/or Twitter. And ping me to let me know who you are so I can follow you back as appropriate.
Note: you don’t have to have a WordPress blog to follow FontFolly.Net. One of the options will just send you email updates when I post something. And it’s not me sending the emails, it’s an automatic WordPress thing, so you only get anything if I actually post a blog entry.
I may turn off comments on LiveJournal and/or delete older entries. I haven’t really decided.
There’s some features of LiveJournal (and Dreamwidth) that I really wish were easily available from my blog. The ability to post things that are only visible to a pre-defined list, for instance. There are ways to get something like that elsewhere, but only slightly similar functionality. And the main reason LJ’s worked so well is because it was not uncommon at the time, particularly if you were a geeky person, for the majority of your friends and trusted acquaintances to already have an account on LJ. Another thing I really liked was the ability to go look at journals being followed by someone you followed. I found some interesting writers I might not have ever even heard of otherwise that way.
This is related to another thing I’ve been thinking about/wrestling with recently. So I’ve been trying to motivate myself to work more diligently and methodically on finishing the galley edits to the first novel in my Trickster series and publish the darn thing. One thing I find that motivates me is to have a deadline that other people are expecting something from me. The more concrete the something is, the more likely I am to deliver. So I had been contemplating trying to use Patreon for that. Give myself a monthly task of posting a revised scene or similar, right?
My reason for considering Patreon is not about money, but rather the fact that Patreon has tools in place to restrict access of information. If I post a chapter on my blog, that puts it out there in a published format which may have implications for the later publication of the finished work, for instance. Lots of people publish excerpts and samples of works in progress, I know. I’m just not sure how much of that I want to do. So having an option to restrict it to only certain people (similar to when I bring excerpts to my writers’ group for comment) is appealing.
It’s been suggested that I just start a writing blog (whether it be a subset of my existing blog or separated) where I set myself deadlines, post reports, and maybe just ask people if they would be willing to look at something at give me feedback from time to time. And that might end up being what I do. As I mentioned when talking about my yearly goals, just giving myself the assignment to post once a month about my goals did seem to help me stick to them better the two years that I did that.
I’m still thinking about how to go about this. And I’m always open to ideas.
A few weeks back I received a message from a website (where I have ordered a few things in the past) alerting me that someone had tried to reset my password, and if it wasn’t me, I should notify them and take various steps to secure my account.
It was not me, so I reported it, then I double-checked that my old password still worked, confirmed that since the attempt no one had ordered more stuff from them on my account, and I changed my password and set up two-factor authentication. Two-factor authentication is a step beyond the simple user name and password combination, usually involving using your cellphone. In order to make changes to your account, a person needs to log in with the user name and password, and then enter a confirmation code which the site sends you in the form of a text message to the phone at the time you make the request. This makes it very difficult for someone who has stolen your password to do nefarious things with your account, because they don’t have access to your phone.
A week or so later I received another such message from yet another internet web service that I almost never use. Again, I hadn’t requested a reset, so presumably someone was trying to hack me. This service didn’t offer two-factor authentication, and it wasn’t a place where one could spend money, so I just changed my password.
And then it happened again, this time at a big service owned by Microsoft, and this time the warning included additional information: the person who had tried to change my password had done so, according to Microsoft, from an IP address in Russia. Well, there are a lot of hackers in Russia, so that probably shouldn’t be a surprise.
This site offered two-factor authentication, so I set it up, changed passwords again, et cetera.
Lots of web services require you to use an email address in order to set up an account. The reason for this is that if you forget your password to the service, you can make a reset request, and they’ll send a link to the address you used so you can get back in. Most people use one email address for all of these sign-ins, and they use the same password everywhere, because remembering dozens of different passwords is difficult.
I use a program called 1Password, which has the ability to generate a separate password for me for every place I need one, stores the passwords in an encrypted database, and lets me access those passwords from either of my Macs, my iPhone, my iPad, or my Windows laptop (and if I owned an Android device, they’ve got that covered, too). Since 1Password has plug-ins for all of the major browsers, it’s really easy to use.
Anyway, this is my plug to say that if you don’t have something like 1Password, you really, really should. Mac OS X has similar functionality built into the operating system, now. Pretty much every browser in the world will store passwords for you, and some of them have a secure password generation feature built in. And you do need more than just storage. Having the computer generate a different password for each site is a bit more secure that you trying to generate a new password, because 99% of the time when humans are told to think up a new password they do something like take the old password and add numbers, such as 1 2 3 or something easy to remember (and really easy for someone to guess or a hacking script to generate).
Font Folly 