Hi lovebirds! I’m normally not one to constantly harp about the dangers of online dating—most of you know that I actually think it’s much safer than people think, especially if you follow decent safety protocols. But even if you do everything right on your end, the technology you’re using is still out of your control. So today we talk about safety, because yesterday a helpful Twitter pal sent me this tweet from Gawker:
How to log into your friend’s OkCupid account in one easy step! http://t.co/ts660ErHQF
— Gawker (@Gawker) August 20, 2013
The Gawker piece just quotes the full article on the Verge, so that’s where I’m pulling quotes from. The Verge goes into details about how this crazy “login instantly” feature works without a password, via a forwarded email.
Even though it makes it easy for anyone with the link to impersonate a user, OKCupid considers this a feature, not a bug…
“Login instantly” is not new, but it’s an unusual choice for a social network, and a potentially alarming feature for a service that many users consider deeply personal. Furthermore, most users don’t seem to be aware of it. Those who are have been complaining since 2009 about how easy it is to accidentally give out full account access. OKCupid declined to comment on the practice.
OK, so you’d have to have an email from OKCupid to have access to this sneaky token, but still. How many people do you know who have had their email accounts compromised? It’s pretty common, unfortunately. I’ve had an account compromised here and there even though I’m super careful and smarter than, say, my parents when it comes to Internet prudence.
I don’t mean to be alarmist, but let’s all just use this flare-up to remember that nothing we do online is all that secure or within our control. Databases get hacked, accounts get compromised, and information gets out that shouldn’t. All you can control is how safe and prudent your own behaviors are, so do me a favor and go change your social media, email, and/or online dating passwords, like, right now!
As for password tools and resources, I like to use 1Password for my own needs, because the Mac version syncs with the iPhone and iPad versions. But if you’re not in the Apple ecosystem, there are other tools you can use to generate really strong, really random passwords that are different across all sites, and that you change frequently. (RIIIGHT?) My favorite resource for further password education is Lifehacker. Whose password database was compromised a couple years ago, remember that? ;)
Be safe, be smart, and although I’m by no means an expert on this topic, feel free to ask questions if you need more guidance.