Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to prevent 'zombie accounts' from haunting your digital identity

Tony Bradley | Jan. 25, 2013
Zombies are a pervasive cultural theme these days. We have no shortage of zombie-apocalypse movies and literature, and the United States military and the Center for Disease Control even offer tongue-in-cheek zombie-response plans. But there are other zombies that don't get the attention they deserve--the zombie accounts you have lingering around the Internet.

Kevin Haley, director of Symantec Security Response, warns that zombie accounts could get hacked, and that the data shared with those accounts could be stolen or exposed--but he also notes that the risk isn't necessarily any greater than it is for the sites you actively use.

Keep in mind, however, that more-obscure sites and services don't have the resources of Facebook or Google, and may not be as actively maintained and protected.

Deactivate or delete unused accounts and applications

If you're not going to use a social network, app, or online service any longer, shut down your account. In many cases people simply walk away and stop using a tool or service, but leave it active and do nothing to remove or protect any information it has access to.

Many sites and services don't have a defined data-retention policy, so as far as you know the data you posted to your account could be retained indefinitely. A server breach or compromise years from now could expose information that you forgot you ever even shared.

Paul Henry, security and forensic analyst for security firm Lumension, cautions that deactivating an account and removing sensitive data is easier said than done. "Look at sites like Facebook--you really have to work to remove your data. Even if you delete your information, it will still be around for at least 30 days. And if you then log back in within that 30-day window, they'll keep your information forever, even if you redelete."

Henry also stresses that unused applications and plug-ins are a bigger threat than the possibility of a forgotten website being hacked. Odds are good that you aren't patching and updating software you aren't even using. When attackers find vulnerabilities in those programs, they become an easy back door for compromising your PC.

Part of the problem is that people rarely make a conscious decision to pull the plug on a site or service. You might just stop visiting a site frequently, and eventually forget about it entirely. It takes a little work to stay on top of these things, but you should make the effort to ensure that you don't expose yourself to undue risk or leave sensitive information vulnerable.

Use a password-management utility

It isn't easy to come up with unique passwords, never mind keeping track of all of them. A 2012 survey found that most adults have five or more unique passwords, and that nearly 10 percent report having 20 or more passwords. Major data breaches over the past few years, however, have exposed the fact that many of those passwords are easily guessed strings (like "12345" and "password") that provide essentially no security at all.


Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.