By B.L. Ochman
Here’s a study in customer service contrasts. Two major sites’ accounts have been hacked lately: Zappos and Facebook. Zappos immediately did right by its customers. Facebook? Not.
Here’s what Zappos did – immediately – for its customers when its database was hacked. It’s called “the right thing.”
And here’s what we all need to learn about passwords to keep our accounts safe.
Over the weekend, 24 million Zappos accounts were hacked and some user data – but not passwords – were compromised. Zappos CEO/founder Tony Hseih immediately emailed customers to say their passwords had been reset as a precaution.
That’s because Zappos, unlike Facebook, is powered by extraordinary customer service and actually gives a hoot about what happens to its customers.
Urging customers to re-set their passwords, Hseih wrote: “We are writing to let you know that there may have been illegal and unauthorized access to some of your customer account information on Zappos.com, including one or more of the following: your name, e-mail address, billing and shipping addresses, phone number, the last four digits of your credit card number (the standard information you find on receipts), and/or your cryptographically scrambled password (but not your actual password).”
Facebook still hasn’t said a word about the 600,000+ user accounts compromised daily and the 45,000 accounts – including mine – that were hacked last week.
In the past few days, Zappos spokespeople were interviewed repeatedly by scores of online and traditional media outlets, and were open about the breach and the steps being taken to prevent it from happening again.
Facebook, meh. You got hacked? Somebody’s using your credit card to make purchases through your Facebook account? Tough petooties. There is no human being you can speak to, and you have to be Sherlock Holmes to find the site’s so-called Security Center. On Twitter, we call that a FAIL.
Experts note that, in and of itself, having a password on one site hacked isn’t too big an issue. You change your password, mitigate the damage, and move forward. The problem is that many – if not most -people use the same password on multiple sites.
What to do to protect yourself from hackers
Robert Siciliano, a McAfee consultant and identity theft expert, told Mashable that he expects whoever hacked Zappos’s site will now sell the data to people who run phishing scams.
To be safe, Siciliano says people who got Hseih’s email should avoid clicking on links that claim to be from either Zappos or their credit card firm over the next few months. Phishing emails and voicemail messages typically ask users to “update” their info, giving hackers access to more potentially damaging data. No legitimate company will ask you for credit card information or passwords via email.
When re-setting your password, Tony Bradley of PC World recommends these safe practices for creating passwords strong enough to resist hacking, but simple enough so you have a prayer of remembering them.
1.No Personal Information. Never use a password that has anything to do with you personally. Even a novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams.
2.Don’t use real words. Not only should you not use your name or your pet’s name, he says, you shouldn’t use any actual word that can be found in a dictionary. Passwords like that can be easily cracked by password software.
3.Mix Character Types. Passwords are almost always case-sensitive, so use both upper and lower case letters to make it more difficult. To really make it complex, be more creative than just capitalizing the first letter. For example, do “paSswoRd” instead of just “Password”. Better yet, throw in some numbers and special characters to substitute for letters, and do “p@Ssw0Rd”.
4.Create a Passphrase. Some password cracking utilities are also smart enough to use common character substitutions for common words. Cracking “p@ssw0rd” may take longer than cracking “password”, but it will still be relatively trivial to crack because, special characters or not, the password is still “password”.
Instead, he recommends, take your favorite line from a movie, song, or book and convert it to a passphrase. If you like the scene from A Few Good Men when Jack Nicholson is on the stand, take the line “You want the truth? You can’t handle the truth!” and convert it to “Ywtt?Ychtt!”. It has upper case and lower case letters, as well as special characters. It is not a word appearing in any dictionary, yet it is simple for you to remember.
I know I’ve been guilty of ignoring all of Bradley’s recommendations at one time or another, but you can bet it won’t happen again. How about you?
As for Facebook, I’ve been doing just fine without it. Haven’t missed it one little bit.
I’ve said it before, and I’m saying it again. If your customer service sucks, nothing else matters. Are you listening yet Facebook?