Even the unimportant ones can cause you problems.
One of the pushbacks I get when I reiterate the importance of securing your online accounts relates to accounts you might consider “unimportant”. You may feel that extra security measures are more hassle than they’re worth. As a result, you might use a poor password, re-use a password, or fail to set up recovery mechanisms.
My concern is twofold. First, accounts often become more important over time. Second, a breach of even a so-called “unimportant” account can still cause you massive headaches.
Become a Patron of Ask Leo! and go ad-free!
Unimportant accounts do matter
Regardless of what you may believe, your accounts — all of them — are targets for hackers. Even if you think you have nothing a hacker would want, you do. Recovery from an account hack, even for an “unimportant” one, can be more painful than expected. There’s no reason not to secure all your accounts properly from the start.
Let me debunk the most common reasons I hear for downgrading the risk of even “unimportant” accounts being hacked.
“I’m not a target, I have no money.”
To put it bluntly, this is flat-out wrong.
First, hackers won’t know you have no money until after you’ve been hacked!
Second, be it your bank, PayPal, credit card, or other financial accounts — every account is a target. Even if you have no money and no credit, hackers can use your accounts to perpetrate fraud, credit scams, and more, all in your name. If that happens, you may not find out until it’s much too late, leaving you with a mess to clean up.
The same is true for shopping accounts. Even without money or an associated payment method “on file”, scammers can still cause you grief by using those accounts for various forms of fraud and mayhem.
Your accounts are valuable to scammers for a variety of reasons, all of which will impact you negatively should the worst happen.
“I don’t use this account for anything important.”
You might think this about a secondary email account set up to stem the flow of marketing or spam headed to your primary, private account.
Once again, it doesn’t matter what you use the account for; spammers want it. They want access to your contacts so their spam and scams are more likely to be opened by the people who know and trust you. If you’re using this as an alternate email account, they want access so they can compromise your primary one.
Once your email account — any email account — is compromised and spammers get hold, it’s your reputation taking the hit and it’s your mess to clean up.
You may think, “If it’s ever compromised, I’ll just walk away from it.”
Good luck with that. It’s a good bet you have, in fact, used this “unimportant” account for something you’d want to keep. You won’t realize it until it’s much too late. It’s a story I hear often enough.
Importance grows over time
It’s possible your account truly is unimportant at first. If it gets compromised early, perhaps the ramifications are small. It’s annoying to have even an unimportant account get hacked, but it’s typically not more than that: an annoyance.
The longer you hold an account, the more you use it, the more you rely on it, and the more important it becomes.
My Hotmail account, for example, was originally and for a long time a truly unimportant throw-away account. I set it up to experiment with Hotmail shortly after Microsoft purchased it.
Today, it’s one of my most important accounts because it’s my Microsoft account, used for logging into several of my Windows computers.
The longer you have an account and the more you use it, the more important it becomes. If you treated it as unimportant when you set it up, it’s likely you didn’t set up the recovery and security information that will allow you to regain access to the account — and to everything for which it’s a gateway — should it ever be compromised.
There’s no real excuse
Honestly, there’s no real excuse to do at least the bare minimum to secure any account, no matter how “unimportant” you think it may be today.
- Set a strong, unique password. 12 characters minimum, with random characters preferred, used nowhere else.
- Set recovery info. Be it a phone number, an alternate email address, or something else, set it and keep it up to date.
Really, that’s the bare minimum, and it’s just not that hard. Using a password vault lets me quickly assign new random 20-character passwords to every account I create these days. There’s just no reason not to.
Before you dismiss the account you’re creating as “unimportant” and before you assume you’re just not a valuable target, think again. Every account is more important than you think, and everyone is a target.
Take a few seconds at account creation time to protect yourself. Someday, you’ll be glad you did.
Secure your accounts from the start. Then, once you’ve done so, subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.