Have you read the harrowing account of tech writer Mat Honan’s epic hacking yet? Go read it. Then read James Fallows’ similar tale from last year.

If you’re not on top of your online security, this shit should scare you. It should scare you even if you are on top of it. We’re putting more and more irreplaceable stuff online, distributed across dozens or hundreds of services, and typically it’s all tied to one thing: your email address.

Your email is the key that unlocks everything else. Forgot your password? A reset link has been sent to your email.

Not to mention all the personal and sensitive information that is likely in the actual messages in your email account.

Honan’s hackers didn’t guess his password or crack it. They called Apple and Amazon, exploited each company’s customer service policies to get into his accounts, and then used what one company gave up to satisfy the other’s identity checks. It was easy. They needed zero technical skills to do this, and anyone could do it to you, right now.

I expect Apple and Amazon will be changing some policies very quickly in the wake of all this, and that’s good, but it won’t be enough. Your information is only as secure as the crappiest website you’ve used it on, and that website is really, really crappy.

Anyway, here’s my advice. Consider it a public service message from your friends in the technology department. We just want you to be safe.

1. If you have a Gmail or other Google account, turn on 2-step verification. Now. Here’s a good step-by-step guide. It may seem like a pain, but once it’s set up it’s not bad, and with it on, your password alone (phished, leaked from some other site, or reset by a smooth-talking caller) is no longer enough to get into the account that resets everything else. If you read those stories above (READ THEM NOW), you shouldn’t have any doubt that it’s worth the trouble.

2. Stop using the same password everywhere, especially on your email account. If you can manage it, use a tool that generates a different random password for every service you use, like 1Password or LastPass, so that a breach at one site can’t simply be replayed against the others. Make sure your master password is long and used nowhere else, and change it promptly if you ever suspect it has been exposed.
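Here is what “a different random password for every service” buys you, as an added example that is not from the post and not from 1Password or LastPass. It generates per-service passwords and a word-based master passphrase from the OS random source, puts a number (bits of guessing work) on each, and contrasts that with the popular “one base password with the site name dropped in” habit, where a single leaked password hands over all the others. The word list and the `P@ssW0rd` base are constructed for illustration; the pattern functions are a generic sketch of that habit, not anyone’s actual scheme.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 printable symbols

# Constructed word list for the passphrase demo; a real Diceware list has 7776 words.
SAMPLE_WORDS = ["anchor", "basil", "cobalt", "drift", "ember", "falcon", "gravel", "harbor",
                "ivory", "juniper", "kettle", "lantern", "meadow", "nickel", "orbit", "pepper"]


def random_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """Each character drawn independently from the OS CSPRNG via `secrets`
    (never `random`, whose state is guessable)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(words: list, count: int = 6) -> str:
    """A memorable master password: `count` words chosen uniformly from a list."""
    return " ".join(secrets.choice(words) for _ in range(count))


def entropy_bits(length: int, choices_per_position: int) -> float:
    """Guessing work for a uniformly random string: length * log2(choices)."""
    return length * math.log2(choices_per_position)


def per_service_passwords(services, length: int = 20) -> dict:
    """One independent random password per service: a leak at one site says
    nothing about the others."""
    return {s: random_password(length) for s in services}


def pattern_password(base: str, service: str) -> str:
    """The 'one base password with the site name dropped in' scheme (constructed)."""
    return base[:2] + service + base[2:]


def guess_from_leak(leaked: str, leaked_service: str, target_service: str) -> str:
    """What the pattern costs you: anyone holding one leaked password recovers
    the others by swapping the site name. Attackers run exactly this kind of
    substitution rule over leaked credential dumps."""
    return leaked.replace(leaked_service, target_service)


if __name__ == "__main__":
    vault = per_service_passwords(["amazon", "apple", "gmail"])
    for service, pw in vault.items():
        print(f"{service:7} {pw}  ({entropy_bits(len(pw), len(ALPHABET)):.0f} bits)")
    print("master:", passphrase(SAMPLE_WORDS),
          f"({entropy_bits(6, len(SAMPLE_WORDS)):.0f} bits with this tiny list)")
    print("6 Diceware words:", f"{entropy_bits(6, 7776):.0f} bits")
    print("4-digit phone PIN:", f"{entropy_bits(4, 10):.0f} bits")
    leaked = pattern_password("P@ssW0rd", "Amazon")
    print("leaked from Amazon:", leaked, "-> guessed for Twitter:",
          guess_from_leak(leaked, "Amazon", "Twitter"))
```

A 20-character random password is about 131 bits; six words off a full Diceware list is about 78 bits, which is plenty for the one password you still have to memorize; a 4-digit PIN is about 13 bits. The pattern password has no number at all that matters, because once one copy leaks the rest cost nothing to guess.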

3. Put a passcode on your phone. Without one, anyone who picks up your phone has your email, and with it every password-reset link, within seconds.

4. Here’s the most important thing. BACK UP THINGS THAT MATTER TO YOU. Honan freely admits that not having backups was his biggest mistake, and he lost all the pictures of his kid since birth, which is terribly sad.

Backups are your failsafe. Not just from hacking, but also from hardware failures, theft, flood, coffee, you name it. All hard drives will fail. Every. Single. One. When will they fail? Probably right now.

Automated backups are easy and cheap. Get a big external hard drive. Better yet, get two. I just bought another 3TB drive for $150. Now I have a backup of my backups of my backups, and I sleep better.

If you use a Mac, turn on Time Machine. If you use Windows, use their Backup and Restore feature. Then sign up for Crashplan, or Backblaze or some other cloud-based backup service. I personally use Crashplan, and I love it, but there are lots of alternatives. If you have other suggestions, please leave them in the comments.

Local backups are cheap and easy, and protect you from hardware failures, while remote backups (also cheap and easy) protect you from theft, fire, and that kind of stuff. You need both.
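Time Machine, rsync and the cloud services do the copying for you; the step almost everyone skips is checking that the copy actually restores. Here is an added example of that check, not the author’s setup and not any backup product’s code: a manifest of SHA-256 hashes written beside the backup, which lets you re-verify the copy later without the original, and tells you exactly which files are missing or silently changed. The sample “home directory” is constructed.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(dest: Path) -> Path:
    return dest.parent / (dest.name + ".sha256")


def backup(src: Path, dest: Path) -> dict:
    """Copy src to dest (which must not exist yet) and write a manifest of the
    source beside the copy, so the copy can be checked without the source."""
    shutil.copytree(src, dest)
    m = manifest(src)
    manifest_path(dest).write_text("".join(f"{digest}  {path}\n" for path, digest in m.items()))
    return m


def verify(dest: Path) -> list:
    """Re-hash the copy and return the files that are missing or differ from the
    manifest. An empty list means the backup restores what was backed up; anything
    else means it does not, and you want to know that before you need it."""
    expected = {}
    for line in manifest_path(dest).read_text().splitlines():
        digest, path = line.split("  ", 1)
        expected[path] = digest
    actual = manifest(dest)
    return sorted(path for path, digest in expected.items() if actual.get(path) != digest)


def demo() -> tuple:
    """Constructed sample data: a tiny 'home directory', backed up, verified,
    then damaged (one file altered, one deleted) and verified again."""
    base = Path(tempfile.mkdtemp())
    src, dest = base / "home", base / "backup"
    (src / "photos").mkdir(parents=True)
    (src / "photos" / "kid-2012.jpg").write_bytes(os.urandom(4096))
    (src / "notes.txt").write_text("things I cannot re-create\n")
    backup(src, dest)
    clean = verify(dest)
    (dest / "photos" / "kid-2012.jpg").write_bytes(b"\x00" * 4096)  # silent corruption
    (dest / "notes.txt").unlink()                                   # file gone
    damaged = verify(dest)
    shutil.rmtree(base)
    return clean, damaged


if __name__ == "__main__":
    print(demo())
```

Two habits make this worth more than it costs: keep the manifest with the remote copy as well as the local one, and re-run the verify step on a schedule, because a drive that checked out clean last year is exactly the one that will have quietly rotted by the time you reach for it.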

6 replies on “On Passwords, Backups, and Your Inevitable Hacking”

  1. Some things.

    LOL smartphone theft and two step verification.

    Generating random passwords for every website is actually a god awful idea. People will forget more, need more password reset e-mails and into infinity. One of the best pieces of advice I saw was to put in your password like

    P@AmazonW0rd

    So your preferred password with some keyword about the service you’re logging in to.

    Phone passcodes are relatively easy to hack if they’re only 4 digits.

    Here’s a thing to know. If you have an Exchange server at work and you get your e-mail on it, your systems administrator can totally wipe your device in case of loss or theft. Scary and useful depending on how much you trust your IT department.

    There are other services that will do this for you.

    Also, if you donate your PC or sell it on Craigslist, use something like DBAN to 0 out the drive. Cookies/index.dat/stored password information in the browser are bad news for security.

    Also set your damned FB profile to friends only.

  2. @TCH, That’s a really good tip to put the name in the password. Otherwise, it’s obviously daunting to keep track of a jillion passwords.

    I use two-step for gmail (it’s easy) and backup all my key data continuously with Sugarsync. I do all the common sense stuff, too (pass protect phone/laptop).

    I think it probably also helps that I only have one credit card.

  3. I want the cloud storage that is easy to put things in and take things out. Do you guys know which one that is? I don’t want to stress out about not getting my stuff out when I want it, not even a little bit.

  4. @tcraighenry Password salting (essentially what you just explained) is a horrible idea. You don’t think hackers know about this? It’ll be the first thing they try. Password managers like 1Password are a good idea, but it’s easy to remember passwords if you just make it something memorable. Stop it with these ridiculously complicated alphanumeric passwords. Unless you have a character limit, just make it a sentence you remember. That’s orders of magnitude more secure than a string of alphanumerics.

    And if you’re not backing up your shit, you have no one to blame but yourself.

  5. passwords:
    Unless you are constantly logging into websites from multiple computers (e.g. travelling and logging into your email), there really is no need to have a password that is easy to memorize. There are plenty of password managers for Macs and PCs out there (e.g. KeePassX for the Mac).

    This way you only need to know one password to get into all your other passwords. The password file also lives locally on your computer too. It doesn’t matter if your password is a bunch of complex gibberish because it is a simple copy/paste action to log into a website.

    backups:
    There is no excuse anymore. Hard drives are cheap and backup software is easy to use. Keep one backup in a closet and another backup at a friend’s house. The backup drives should be from different manufacturers also. Just get in the routine of doing a weekly backup when you do your weekly chores such as taking out the trash.

    The cloud/online backups are good (for the “friend’s house” example above) if you just have Office-type documents and a few photos that need to be backed up, but if you shoot a lot of HD video, forget it…stick with multiple hard drives.

  6. Best to come up with a secure password system. Use a few different ones that will most likely fit all the requirements of different websites (capital letters, numbers, 8 characters, etc.). But don’t make it too complicated! I suppose there is a chance that you will get hacked, but there is a 10,000,000% higher chance that you will forget your complicated password and then have to reset it, thus messing up the nice system and/or locking yourself out of your own stuff.
    And back up EVERYTHING!
