If anyone in your family has a thing for shoes, they’ve probably shopped at Zappos.com—and, in the process, handed you a valuable reminder of the need to protect your online identity. To most people, such protection means being careful with your Social Security number and credit card information and monitoring your credit report.
But Zappos, which just lost control of the personal information of 24 million customers, says what we really need to be careful with are our online passwords. In a letter, the company asked all its customers to change all their passwords on all their accounts if the passwords are in any way similar to the one they had used at Zappos.
Oh, is that all? Zappos clearly recognizes that many of us use the same password on multiple accounts. How could we do otherwise? With dozens or even hundreds of online dealings, maintaining so many unique passwords without writing them down and carrying them around—itself a risk (What if you lose your little black book!)—would be next to impossible.
Yet distinct passwords are what every expert inside and outside of Zappos recommends. The web is loaded with advice on how to fashion a password system that is secure and, it is suggested, easy to remember. Maybe. I struggle with all of them. If you’ve got a system that really works, please write.
Zappos is only the latest company to allow a breach. Last spring, hackers got credit card information from 77 million Sony customers and a Citigroup hacker stole $2.7 million from about 3,400 accounts. Globally, hackers stole about $39 billion last year. This is an up-and-coming crime. So if nothing else, use the Zappos news to have a conversation around the kitchen table.
In the money milestones working paper that I recently reported was being circulated around the White House, protecting against online theft is the focus of two of the top 20 money practices identified as critical for young people. The paper says that with kids aged 6 to 10 parents should:
- Know the websites your child visits.
- Decide which websites are appropriate, and block any inappropriate sites using parental control software.
- Make it a rule that your child never gives out any personal information when on the computer.
- Don’t allow buying anything online without your permission.
With kids aged 11-13, parents should:
- Discuss the dangers of entering personal information online with your child.
- Explain that thieves can use a Social Security number to open credit cards or other accounts, or to create fake documents in their name.
- Talk about the hazards of accepting free offers online, such as cell phone ringtones or games.
- Make it a rule that your child never answers emails from someone she doesn’t know or clicks on pop-up ads.
Doing all that is a great start. Then tell them to change their passwords … often.