Chris Boyd, a senior threat researcher at GFI Software, noticed and blogged a gaming incident. “Well, i got my account hacked today, lost all my stuff,” complained a gamer. And what do the administrators do? “Nothing,” said the gamer. “they cant find whos doing it...”
But the administrators did find who did it (one ‘beef43302’), and responded, “So yes, as expected the ‘hacked’ account wasn't hacked, I suggest you keep confidential account information to yourself in the future, and change your password now. Even though this was entirely your own fault, and you incorrectly accuse us of incompetence, we shall roll your characters back to before the incident.”
In the real world, the business rather than gaming world, there are no over-arching gods like the game administrators who can role things back so we can continue just as if nothing ever happened. And it appears that we are just as relaxed with our business credentials as we are with our gaming credentials – especially, for example, in things like social media. "As more companies depend upon social media to promote their brand and interact with their customers,” Boyd told Infosecurity, “the risk from simply sharing passwords becomes problematic.”
Companies often allow multiple access to corporate Twitter or Facebook accounts. In such cases, “What tends to happen,” he explained, “is they weaken the strength of the password to allow everyone to remember it, when they should be using a dedicated password management tool with secure sharing functionality. Given that shared accounts can be used for everything from social networks to important admin / IT accounts behind the scenes it's crucial that shared passwords are hidden from view as much as possible.”
And all too often, they are not. “I've seen individuals post screenshots of their workplace monitor to social networks, seemingly unaware that they have post-it notes containing everything from phone numbers to what look like passwords in the photograph.” Who needs hacking skills when we just give them the keys?