Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Staying safe online in 2016 Becci Whitton
27 January 2016

common buzzard

Does working at the Office of the Privacy Commissioner make you paranoid? Well, it’s not quite that bad, but a New Zealand Herald article about cybercrime and identity theft prompted me to think about the number of my online profiles that use, or are linked to, my real identity.

I sat down at my computer and tried to work this out. I don’t post much on Facebook, rarely tweet, don’t Snapchat, Instagram or tumble (is that what one does on Tumblr?). Yet despite not being a social media socialite, I found that I have 20 online profiles that use my real identity.

My online life

These cover all sorts of activities, from forums where I post comments, to the website where I enter my sporting events, through to music and TV streaming services. I have three profiles where had I thought to use a false name, but all of those accounts were created using my primary email address, which contains my real name.

Many of my accounts contain sensitive personal information, such as my online banking, IRD and RealMe accounts, and eight of them include my credit card details. I suspect that, compared to many New Zealanders, this is a low number.

The recently released National Cyber Security Strategy estimates that 81 percent of New Zealanders have experienced some form of cyber breach, and 22 percent have had their email accounts hacked.

Daisy-chained identity

In my case, gaining access to my primary email account, which I’ve been using for many years, would also make it much easier to crack open all my other accounts - including those linked to my credit card. This is because many of these sites will send password resets to my primary email account. For some of them, you don’t even need to know my username because the email address is enough to activate a password reset.

This story, from 2012, illustrates what can happen when online profiles, even ones with seemingly good security, can be undermined when daisy-chained together.

Protecting yourself

What can you do to protect yourself online? The Connect Smart website has some good advice for individuals and businesses. Good password practice is number one; use complex passwords, use two factor authentication wherever possible, and change your passwords frequently.

I would add to this list: create and use separate identities, such as separate email accounts, for your activities online where your real identity is not required. In my case, I didn’t really start thinking about online security until I joined the Office of the Privacy Commissioner, and taking my own advice is going to be a pain in the proverbial. But maybe this extra effort is a fair trade-off for the enjoyment and convenience of life online, and a good resolution for 2016.

Image credit: American common buzzard - via the National Audubon Society.

1 comments

, ,

Back

Comments

  • I was made aware of this some years ago, and as I had just retired from the NZ Police Prosecution Section after 40yrs; I made three ID's to use. The main one which is what I use to send emails to people all over the world. The second one is what is used on Face Book. The third is the least used as it is the one I use for my bank and government departments. All have very different passwords.
    One of my previous passwords, was the entire letters in the centre row of my keyboard [excluding ; and ']. Changing passwords can take time but is certainly worth the effort.
    Cheers.

    Posted by Lance, 14/02/2016 7:31am (18 months ago)

    Post Reply

    The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Latest Blog Entries