If your partner asked for your Facebook password, would you give it to them? Chances are, you probably would. Better that than risk all the "what are you trying to hide from me" drama that would ensue, right?
Actually, an innocuous sharing of passwords--even with the person closest to you--could lead to major security breaches. With recent hacks on the New York Times and Washington Post Web Sites, you don't have to be in government or financial services to be at risk.
A third of organizations say employee negligence (a.k.a. the human factor) was to blame for security breaches, according to this study.
“Breaches related to spouses are a growing risk that people don’t realize,” says Hugh Thompson, senior vice president at global security firm, Blue Coat. “The possibilities for attacks just increase with the more data you share with your partner.”
Here are some common ways your spouse could pose a security risk:
1.) You have different paranoia levels. People who work in security or finance are trained to be paranoid about which devices (and even which networks) they type passwords on. But that level of training is not automatically passed on to spouses. It’s surprisingly common for both partners to use the same passwords for work and personal use, says Thompson. This could give hackers access to your work passwords, if they can trick your spouse into revealing their password via a phishing attempt. Also, on shared accounts like Dropbox and Google Docs, your password security is entirely dependent on your partner’s habits.
How do you counter this? “Just because you share some passwords with your spouse, you don’t have to share all passwords with them,” says Markus Jakobsson, Principal Scientist of Consumer Security at PayPal. The onus is on you to decide which passwords to share with your spouse, and ensure you have different (and difficult to guess) passwords for sensitive information.
2.) Password reset questions could give you away. Not only are some passwords easy to crack (“password” is still a common one), but password reset questions are increasingly easy to find out, according to Thompson. One reset question could be your spouse’s maiden name. “Someone could get a 30-day free trial on ancestry.com and find that out,” he says.
The risks posed by “meta passwords” or password resets through security questions are significant, according to PayPal’s Jakobsson. Take time to think over which security questions are easy to find out – the city you were born in, for example, vs. information most likely to be known only by you. Meta passwords are also rarely changed if a couple splits up. “People will generally change shared passwords if they break up, but they forget to change the security question,” he says. PayPal is trying to counter this by researching whether posing security questions based on preferences would be more effective. “We’re finding most spouses will know if you love or hate something, but will probably not know your subtle preferences, like if you prefer pepperoni on your pizza,” he says.
3.) The rise of BYOD – or Bring Your Own Device to work. As more people use their mobile phones and personal laptops at work, private information could easily be shared if those same devices are used at home. This is especially the case on weekends or vacation, where one device is used by the whole family. The risks are so great, yet so simple. For example, the picture you take on your iPhone of whiteboard notes from a meeting at the office could be synced to your partner’s iPad at home, in a matter of seconds. “The malware one person downloads by accident could affect their spouse’s company in a significant way,” Thompson adds.
The best way to avoid this is by not letting your spouse download Apps or programs on your work devices, says PayPal’s Jakobsson. If a download is absolutely necessary, he suggests doing it on an iPad or Android device. “It’s not foolproof, but safer than downloading it on a laptop or desktop.”
4.) Your partner may not be your partner online. It’s becoming increasingly common for hackers to imitate spouses online – especially on instant messaging platforms. If your spouse has an online presence through social media, blogs etc., their impersonator could easily “sound like them” right down to phrases they frequently use. “Never type out your social security numbers, credit card details, prescription or medical details on an online chat, even if you think it’s your partner on the other side. Spend 5 minutes on the phone to relay this type of information,” Thompson says. “Also, be aware when using technology – where does it back up? How long does it store information for?” Many chat platforms back up the logs of your conversation on two devices – yours, as well as your spouse’s, for months. That’s twice the risk.
5.) Thanks to social media, your information is out there for all to see. Social media makes it a breeze for anyone to figure out who you’re dating or married to. “Your spouse’s security hygiene is just as important as your own,” says Thompson. Company information is becoming easier to decipher through a partner’s social media. “Say your friend updates their Facebook status that they’re in Bentonville, Arkansas and tags their husband or wife, it’s easy to figure out their partner was doing business with Walmart. Even if the company employee wouldn’t update their own status, their partner’s update could compromise confidential company developments.”
The disparity between how each person thinks about security is a growing threat. One partner could have a login password or remote wipe on their mobile phone, while another doesn’t. Your spouse could be logging on to a shared computer – say, at a hotel – to access your joint bank accounts, while you wouldn’t even dream of using a shared desktop. When it comes to your personal and corporate security, it’s a team effort.