No one is immune…
On August 3rd, 2012, Mat Honan, a writer for Wired's "Gadget Lab," was the victim of identity theft. His iPhone, iPad and MacBook were remotely wiped, his Twitter account was hijacked and his Gmail account was deleted. He lost irreplaceable photos from the first year of his daughter's life, hundreds of emails, and the ability to ever again feel secure online. Here's how to significantly reduce the chances of it happening to you.
In the immediate wake of the attack, Mat Honan assumed that his Apple ID password had been cracked. It turned out that the perpetrator had given Apple's phone support just two pieces of information, the victim's billing address and the last four digits of his credit card number, and the support representative issued a temporary password even though the caller could not answer the security questions. This is social engineering: a customer-support representative was talked into handing account access to someone posing as the account holder, and no password, however strong, was ever guessed.
Before you breathe a sigh of relief because you don’t have an Apple ID or iCloud account, know that this can happen at any company where someone other than you has access to your information and the power to push through a password reset – that’s right, everywhere.
A better password is certainly an important piece of the puzzle. Never reuse one across sites. Ideally, use a password manager such as LastPass to generate and store a unique password for every site you visit. For the few passwords you must remember, such as the manager's master password, use a passphrase (a series of randomly chosen, unrelated words) instead of a short jumble of characters. Not only is it easier to remember, so you're less likely to get locked out, it's also harder for a computer to guess by brute force, because each added word multiplies the search space far more than an added character does.
Don't put all your data in one digital basket. The cloud is a great resource for backing up your data, but if losing something would be devastating, double up and back it up locally as well. Get an external hard drive and use a program like CrashPlan to set up an automated backup to both a cloud storage location and a local device. Keep at least one copy that your online accounts cannot reach: the remote wipe that erased Mr. Honan's devices could not have touched a drive sitting unplugged on his desk.
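To put numbers on the "harder to guess" claim, here is an added example (not code from the original post) that generates a passphrase with a cryptographically secure random choice and compares its entropy with that of a random character string. The word list is a constructed twelve-word sample so the code runs offline; the entropy figures assume a real list of 7776 words (the size of the EFF long list) and 95 printable ASCII characters for the "jumble".

```python
import math
import secrets

# Constructed, deliberately tiny word list so the example runs offline.
# A real generator needs a large list (the EFF long list has 7776 words);
# the entropy figures below use that size, not this sample.
SAMPLE_WORDS = ["anchor", "brisk", "cactus", "dune", "ember", "fjord",
                "gravel", "hatch", "ivory", "juniper", "kelp", "lantern"]
EFF_LONG_LIST_SIZE = 7776       # 6^5 entries, picked with five dice rolls
PRINTABLE_ASCII = 95            # characters a typical "jumble" is drawn from


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy for `length` independent, uniform picks from `pool_size`.

    This only holds when the picks are made by a generator, not by a person:
    human-chosen "unrelated" words cluster around a few thousand favourites.
    """
    return length * math.log2(pool_size)


def generate_passphrase(words, count: int = 6, sep: str = " ") -> str:
    """Pick `count` words uniformly at random with a CSPRNG (never `random`)."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare(word_count: int = 6, char_count: int = 8) -> dict:
    """Entropy of a diceware-style passphrase versus a random character jumble."""
    return {
        "passphrase_bits": round(entropy_bits(EFF_LONG_LIST_SIZE, word_count), 1),
        "jumble_bits": round(entropy_bits(PRINTABLE_ASCII, char_count), 1),
    }


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print(compare())   # 6 words = 77.5 bits, 8 random characters = 52.6 bits
```

Six random words from a 7776-word list give about 77.5 bits; an eight-character random string gives about 52.6, so an attacker has roughly thirty thousand times more work against the passphrase, and the passphrase is the one you can actually remember. Adding a seventh word adds another 12.9 bits; adding a ninth character adds only 6.6.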
A big part of the problem for Mat Honan was that he had linked his logins and email accounts through a very common process known as "daisy chaining." He set his Apple email as the backup address for his Gmail and used his Gmail to log in to Facebook and Twitter. If you use Google, Facebook or Twitter to log in to other websites, or one email account to recover another, an attacker need only get into one of your accounts to gain control of all of them. Ideally, establish a recovery email address for password resets that you use for no other purpose: don't use it as a username and don't post it anywhere on the web.
Using the same email prefix across multiple accounts (for example, the same name before the @ at three different providers) makes it easy for those with malicious intent to locate and attack additional pieces of your digital profile. This is particularly dangerous if you use the same prefix as your username at financial institutions or as your "handle" on social networking sites.
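The two paragraphs above describe a chain of accounts where each one can reset the next. Here is an added example (not code from the original post) that models such a chain as recovery rules and computes everything an attacker ends up controlling from a few public facts, then shows what changes when Gmail's recovery address is a dedicated mailbox. The account names, rules and the assumption that a retailer account reveals the card's last four digits are constructed for the illustration and loosely follow the chain described above; they are not a record of the real accounts.

```python
# Constructed model of account-recovery dependencies, loosely following the
# chain described above (retailer -> Apple ID -> @me.com mail -> Gmail ->
# social accounts).  It is an illustration, not a record of the real accounts.

# For each account, a list of alternative "sufficient sets": holding every
# item in any one set lets an attacker reset that account.  An empty list
# means there is no remote reset path at all.
DAISY_CHAINED = {
    "amazon":   [{"name", "email_address", "billing_address"}],
    "apple_id": [{"billing_address", "card_last4"}],   # phone-support reset
    "me_com":   [{"apple_id"}],                        # mailbox comes with the ID
    "gmail":    [{"me_com"}],                          # me.com is its recovery address
    "twitter":  [{"gmail"}],                           # reset / "sign in with" via Gmail
    "facebook": [{"gmail"}],
}

# Assumption for the model: once inside a retailer account that stores the
# card, the attacker can read its last four digits.
GRANTS = {"amazon": {"card_last4"}}

# What an attacker can learn about most people from public sources.
PUBLIC_FACTS = {"name", "email_address", "billing_address"}


def blast_radius(known, reset_rules, grants):
    """Everything the attacker ends up holding, computed to a fixed point."""
    owned = set(known)
    changed = True
    while changed:
        changed = False
        for asset in list(owned):                       # facts exposed by owned accounts
            new = grants.get(asset, set()) - owned
            if new:
                owned |= new
                changed = True
        for account, alternatives in reset_rules.items():
            if account not in owned and any(alt <= owned for alt in alternatives):
                owned.add(account)                      # a sufficient set is satisfied
                changed = True
    return owned


def compromised_accounts(reset_rules, known=PUBLIC_FACTS, grants=GRANTS):
    """Only the accounts (not the raw facts) that fall, as a sorted list."""
    return sorted(a for a in blast_radius(known, reset_rules, grants) if a in reset_rules)


# Same accounts, but Gmail's recovery address is a dedicated mailbox used for
# nothing else and not itself resettable through any other account.
DEDICATED_RECOVERY = dict(DAISY_CHAINED)
DEDICATED_RECOVERY["gmail"] = [{"recovery_mail"}]
DEDICATED_RECOVERY["recovery_mail"] = []


if __name__ == "__main__":
    print("daisy chained:     ", compromised_accounts(DAISY_CHAINED))
    print("dedicated recovery:", compromised_accounts(DEDICATED_RECOVERY))
```

With the chain as modelled, three public facts are enough to take every account; cutting the single link between the Apple mailbox and Gmail stops the cascade at Apple, and Twitter and Facebook never fall. Requiring a second factor is the same change expressed differently: `"gmail": [{"me_com", "phone_code"}]` makes the recovery address alone insufficient.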
Set up login notifications and two-factor authentication wherever they are available; Google and Facebook both offer them. Whenever your account is accessed from a new computer or mobile device, you have to enter a second code, typically texted to your phone or generated by an authenticator app on it. While it can be a pain when you're trying to log in from a new device, this step would have given Mr. Honan an early warning that someone was trying to get into his account, and it would have stopped the perpetrator from using his Gmail to reach his other logins, because the stolen recovery address alone would no longer have been enough.
Review your security questions to make sure the answers can't be found through your online presence. The name of your dog, for example, isn't hard to learn if you post about her on Facebook or Twitter, and your high school mascot, family names and the street you grew up on are just as easy to glean. Better still, treat the answers as extra passwords: give a random answer and store it in your password manager, since nothing requires the answer to be true.
Consider using a Google Voice number when online accounts require you to provide a phone number. The attacker who targeted Mr. Honan got his Amazon password reset by supplying ordinary identifying details over the phone, and a phone number that appears all over the web is exactly that kind of detail; a number used only for account recovery gives support staff and attackers one less thing to work with.
While convenient, storing your credit card number with online retailers means a break-in at any of them exposes another piece of information that other companies treat as proof of identity. The same goes for using your smartphone for online banking, logging in to Facebook or Twitter, or anything else tied to your personal information. Nearly every smartphone owner keeps logins and personal information on the device, so set a passcode on it; if it's lost or stolen, you won't be handing over your data and accounts along with it.
It is just annoying that we are still living in a password world. Almost everything is still only password protected. But ultimately the fact is that passwords (strong or not) do not replace the need for other effective security controls. As was stated, passwords are useless, outdated, and a security risk. That same organization understood that the only real solution is to add additional layers of authentication for access and transaction verification without unreasonable complexity, and this will help their customers if they implement some form of two-step or two-factor authentication where you can telesign into your account and have the security of knowing you are protected if your password were to be stolen. This should be a prerequisite for any system that wants to promote itself as being secure. With this, if they were to try to use the "stolen" password and don't have your phone, nor are on the computer, smartphone or tablet you have designated as trusted, they would not be able to enter the account.
We do feel your pain, Rider… Hard not to want to go totally offline when you hear stories like this. Great points!
Going offline in this information era is a tough choice. You can hardly do anything these days without going online. It's fast and convenient. The use of the internet is growing fast and we have to do our best to use all the security measures that are available to us to protect our identity and personal information. It's a pain sometimes when you have to go through two or three security layers before you can access an account. But it will be worth it when the hackers come around. Thanks for the insight.
Very true, Crakethill… We just need to make it as tough as possible for the hackers; that way they hopefully move on to something else.