Unless you’ve been truly off the grid the past few weeks, you’ve heard about the hack of Ashley Madison, the website dedicated to making extramarital affairs as easy as online dating. Well, here are some suggestions for how to avoid this kind of stress in the future. So let’s take a look at some practical lessons from the Ashley Madison hack from a security and privacy perspective.
First lesson: Use multiple email accounts
These days, everyone who is active online should be using multiple email addresses. If someone has access to a primary email account, even just knowing what the address is, they can often find out a lot about the person who has it. Some 15,000 government workers reportedly used their government email addresses to sign up for Ashley Madison.
This kind of attack could have happened to any special interest site on the Internet for any reason (and it does, as I’ll discuss shortly). You should think about your email addresses and how you use them like the rings of defense in a fortress.
This time the attack was on (mostly) men who wanted to have an affair, and the attackers’ reported motive was Ashley Madison’s unscrupulous business practices, especially the company’s offer of “deletion” of account information for a fee, a service that apparently didn’t quite deliver on its promises. Let me give you a real-life personal example of a similar kind of attack on a more mainstream site.
Castles had different lines of defense that were progressively stronger, and so should you.
Examples of “citadel” email accounts: [email protected]
Obviously you need a primary email address for your friends and family and a small number of important websites that you trust or simply have to trust, like those of financial institutions.
This primary email is likely the Gmail, Yahoo, Apple, or AOL account you’ve had for some time.
If you’re using this account for other sites, go to those sites and change the email to your second address below (the “outer wall”).
Example “inner wall” email accounts: [email protected], [email protected]
This should be an additional Gmail, Yahoo, or other online email address you create just for signing up to all those other sites and services out there that you’re interested in — everything from social media to shopping to news to blogs. For many sites you have to register for on the web, you really only need an email account to confirm your registration. You may not want or need the site to know your email address after that.
But this account should only be used with friends, family, and that handful of critical sites like your bank and your insurance company and your utilities. Don’t use your primary email address for registering for any other websites, including online shopping, games, or promotional offers.
Let me say this again because it is so important: Only use your business email for business sites and services.