Have You Checked Your Passwords?

Think your passwords are safe? Think again.

I recently received an unusually provocative email, sent from an old friend, brilliant software engineer and seasoned international expert in data security and the art of not being found online:
“Hi Freddy, look at the attachment [see screen grab], take care of your passwords, change them periodically, and try not to use the same ones everywhere.”

Given my relatively high level of vigilance for emails just such as this one, which make you immediately want to click on a file or link precisely when you should not do so,

I paused:

First, to check the address that the email came from and to make sure that I was not on some “undisclosed recipients” list, before doing an independent browser search on the title of the attachment to see what I could learn about the attachment, a screen grab from “https://ghostproject.fr.”

And second, to examine more closely the screen grab itself, to see if it was not, in fact, just a simple screen grab, but rather another file type disguised as a simple screen grab (PNG, JPEG, PDF, etc.). This is a whole other topic, particularly relevant given the importance of clinical photographs in our field, which I may address in another article, but for now I would suggest a quick primer titled “Safety tips for handling email attachments and content downloaded from the Internet,” found at https://support.apple.com/en-us/HT201675.

Never heard of ghostproject.fr? Well, neither had I. But when I saw their FAQ page and the header, “It’s big! 1.4 Billion Clear Text Credentials Discovered in a Single Database,” I confess I was interested in learning more. As it turned out, I was surprised to find one of my more commonly used email addresses in the massive database of exposed credentials, along with one of my—thankfully —old passwords. How it was obtained I will probably never know, but the fact that it was there, exposed for all the world to see on a public website, creeped me out much in the same way that the famous line “Have you checked the children?” did in the 1979 film.

Have You Checked Your Passwords?

When a Stranger Calls. Let’s face it, most of us tend to assume that our usernames and passwords are all safely tucked away in their digital beds, and that there is no monster out there that really cares enough to go after them, and by extension (pun intended), us.

And for those of us that don’t sleep soundly with the wildly mistaken belief that our 5–6 character, dictionary-based passwords are sufficient to thwart the legions of reasonably intelligent digital couch potato / predators out there—those of us who suspect that some of our passwords have been compromised over the years—what are we to do?

Few of us, thankfully, have the knowledge, or the desire to end up on an FBI watch list, to go digging around in the rusty furnace rooms (channeling Freddy Kruger here) and unlit corridors of the dark web to find out just how much is known about us or our closely held credentials for the many, many websites to which we have given our credit card and other valuable information. And so we sit back and hope/pray that we have a) chosen strong passwords, b) only used those passwords once per site, c) carefully researched and selected sites that can be reasonably trusted to safeguard those passwords and, d) understanding that NO SITE can ever guarantee the safety of our credentials, routinely and religiously changed our passwords.

The fact is, the problem of identity theft is getting not worse, but much worse, and yet for some reason the ever increasing drumbeat of data breaches in the healthcare industry, like the increasingly frequent and ominous phone calls from the Stranger, does not seem to be getting the attention of nearly enough medical professionals.

So.

Have you checked your passwords?

This article was originally published in Aesthetic Socitey News, Fall 2018

About the author: Freddy is the CEO of Epitomyze Inc., a team of healthcare and medical imaging experts devoted to revolutionizing the role of clinical photography in medicine. Epitomyze’s premier service is Epitomyze CloudTM, a state-of-the-art cloud- based, digital-asset storage and management solution for image data. The service can be accessed through secure credentials from any device, and can be paired with it’s sophisticated Epitomyze CaptureTM app. Freddy is passionate about the subject of digital imaging in medicine and the role that clinical photography can play in improving the quality of care for patients. Follow him on Twitter: @epitomyze.