On Oct. 23, the University of Michigan’s Information and Technology Services department sent out an email with new information regarding the internet outage that took place at the beginning of the school year. Many students, myself included, were upset that the University left students and staff in the dark for two months, only to essentially admit (not even in the original email) that Social Security numbers and bank account information were compromised in the cybersecurity attack.
Of course, with a situation this large that affected 230,000 people, one cannot fault any single student or staff member for not “protecting their information better.” However, the responses I saw floating around on social media after the update admitting to having weak passwords including first, middle and last name or 123456 for their online accounts made me wonder: Have we gotten too comfortable on the internet?
College students are part of an especially vulnerable population of the internet. Having grown up in the generation of social media, we tend to live a significant portion of our lives online, thus, putting out more information about ourselves than older age groups do. Additionally, despite being at the age of financial independence and largely in charge of our own finances, we may lack the self-awareness to keep track of our credit history and check in frequently for fraudulent charges or scams. Simply put, our familiarity with the online world does not guarantee the safety of our digital records. Hence, practicing good online safety is an essential skill because cyber attacks can happen at any time to anybody.
The first and easiest measure to ensure good internet safety is simply to have better passwords. However, this is where virtually everybody goes wrong: 83% of Americans use weak passwords, and 78% of Gen-Z use the same password for multiple accounts. Avid online users are fed up with passwords, and understandably so. A random combination of letters, numbers and symbols for all 40+ of our internet accounts is just unfathomable. This exhaustion, referred to as password fatigue, is not only a common phenomenon, but one that came to the fore, as previously mentioned, when we were asked by the University to change our official U-M passwords.
To help take the burden off of internet users, websites will sometimes set strict rules for what constitutes a strong password. This places extra emphasis on the account holder to develop increasingly complex passwords that are harder to remember. Fortunately, in order to curb password fatigue, tech developers have started creating password managers in order to keep track of passwords across the internet.
Because the internet is like a second home, plenty of personal information is regularly being stored and updated to various online platforms. But much like an actual home, you don’t want to give the key to that information to a stranger. As a reminder, the general rule of thumb when creating a good password is to have 12-14 characters, with a combination of upper and lower case letters, numbers and symbols. And of course, don’t use the same password for every account. Once a hacker figures out one password’s account, they can easily use that same password for every single other type of account (especially bank accounts). This is often referred to as a credential stuffing attack.
While passwords remain the biggest weakness that hackers can exploit, there are still plenty of other measures that internet users should be taking in order to ensure their information remains secure. When a new software update comes out on your operating systems, update as soon as possible. Use firewalls to protect unauthorized access to your internet browsers. And of course, always be on the lookout for sketchy websites. Double check URLs, badges and HTTPS (Hypertext Transfer Protocols, e.g. encryptions that protect sensitive information) to verify that the website is safe to browse. If a pop-up from your browser indicates that the website may be dangerous, then it probably is.
Keep in mind that none of this information should be groundbreaking news; I suspect that the average reader would know what a strong password is and how to spot sketchy websites. However, the bigger point between all of this advice is that it is ultimately the carelessness and apathy that hackers capitalize on. If you know your current online system is weak, I encourage you to click off this article and address it right now. Procrastination and laziness on our ends only makes hackers’ jobs easier.
Of course, weak passwords and faulty websites are not entirely to blame for a lack of cybersecurity awareness. After all, cybersecurity legislation cannot keep up with how quickly technology is developing, thus there are consistently gaps left regarding information privacy and user protection. While there have definitely been attempts to pass legislation to protect internet consumers, due to fierce opposition and free-speech concerns, bills that could be protecting American internet users can’t escape the gridlock. That doesn’t mean that states are lacking: California, Utah, Virginia and Colorado all passed internet safety legislation.
In Michigan, we have the Internet Privacy Protection Act that prohibits employers from asking for social media account information, as well as the Gaming Act of 2019 that defines online gambling, but there is no wide-sweeping internet regulation. All this to say, at the end of the day, online systems, as we know them, are designed to keep the user burdened with protecting their information, not the other way around.
If there is anything that the information cyberattack revealed to us, it’s that our information is incredibly vulnerable (and desirable) to many third parties across the globe. While most of us are not at the forefront of technology policy, we can still take plenty of actions on our own that ensure we are protecting our information to the best of our ability.
Liv Frey is an Opinion Columnist exploring any and all types of relationships one can encounter in college. For inQUEERies, they can be reached at livfrey@umich.edu.