Technology journalist Mat Honan was hacked by an unknown attacker who managed to access his Twitter account and even delete all the data on his iPhone, iPad and Mac. What lessons can be learnt, and how can you avoid a similar fate?
Passwords are the key to your online world so make sure they are strong. Strong passwords should include:
Just as you wouldn’t want one key for your house and car, you should use a different password on each website. This may seem like a daunting task, especially memorizing them all, but it can be relatively easy. Each site doesn’t necessarily need a completely different password; even one different character is the equivalent of a completely new password. You could therefore make up a rule, for example, that you will take the first letter of the website name and use that as the first letter of the password.
With two-factor authentication, security depends on two different things. A good example is chip and PIN machines: you can’t use your credit card without your PIN. The same principle is used online, with your password acting as the first factor and something else, usually your mobile phone, acting as the second. For example, PayPal can send you a text message containing a code, which is then entered along with your password to allow access to your account.
Although two-factor authentication is very secure, it does have a few practical disadvantages. What happens if you don’t have your phone with you, or you lose it? Also, two-factor authentication isn’t currently available for many online services, but you should always use it when possible.
This may seem very obvious, but it is amazing how much personal information we leave online about ourselves. Take a look at the privacy settings on your social networking sites to help avoid giving hackers any information that could potentially be useful. For example, if you own a domain name, all your personal information is publicly available by default on WHOIS. For most extensions, you can make this private and mask your details, either for free or for a small charge.
With access to your email account, a hacker could reset your password on all your online services. It is therefore essential to protect your email account with the highest level of security available. Set up security questions and make sure you use an encrypted connection (https). Also, provide a mobile number to be used should you forget your password.
All of these ways to avoid being hacked are irrelevant if a virus infects your computer. It could send your email address and password to its creator. It is therefore essential to have good antivirus software installed on your computer.
Don’t rely on online copies of your data, especially on free services. For example, Flickr and Dropbox might be great, but they won’t care if they lose your data, so make sure you have an external local backup. Also, use services that allow remote wipes (e.g. Find my Mac) very, very carefully. What happens if this backfires?