There is nothing, hardware or software, that is unhackable.
Let’s get that out of the way right off the bat. If a hacker — a real hacker, not someone with a set of easily available hacking tools — really wants your information, they will get it. The same can be said for the NSA or any other state-sponsored organization.
This is a guide to help you deter the type of <strike>people</strike> degenerates that recently forced their way into celebrity iCloud accounts to pull down private photos. Whether they used brute force to guess the password or an off the shelf piece of software, a combination of these precautions could mean the difference between a mild inconvenience (like having to change a password) and having your personal information (including photos) plastered all over the Internet.
And the Internet never forgets.
And it’s not going to get any better. While news of the celebrity hack is still fresh in our minds, Home Depot is investigating its own hacking related issues. The hackers are winning right now. Even Apple has informed developers that they can’t store HealthKit data in iCloud.
So defend yourself against the jerks and sociopaths.
Passwords and Password Managers
A strong password is a good first step to securing your data. But you need to do more than just use a combination of letters and symbols. To reduce the chances of having your password guessed or brute forced, use a password manager and use a randomly generated alpha-numeric password that’s at least 20 characters long. LastPass, Dashlane, RoboForm, mSecure and 1Password are cross platform services that work via the mobile Web in addition to native apps.
Not only will it generate random passwords, it will warn you when you’re using the same password on multiple sites, a huge security error that many of us are guilty of committing. If you would rather manage your own passwords, make sure they are all different. When you use the same password everywhere, when one site or service is compromised, suddenly the hackers have access to your entire digital life.
Two-factor authentication acts as stop-gap when a new device tries to log into a service or site. For example, with Twitter’s two-factor authentication feature enabled, when you try to log into your account with a new device, it sends you a text message with a temporary password. In other words, you can’t log into an account without your phone and the temporary password sent to that phone.
You’ll be alerted when someone is trying to get into your account even if they have your password. Apple, Twitter, Dropbox, Microsoft and Google all use two-factor authentication. Set these up for extra security.
Don’t Back Up Sensitive Data or Your Phone Online
The cloud is supposed to be secure. This weekend we learned, not so much. If you’re dealing with sensitive images, documents, or videos, its best to keep them off all external servers. That means not allowing services like iCloud, Dropbox, Flickr, Google Drive, and others to auto-upload data to their cloud storage. Instead, keep that sensitive data on an external drive that’s only accessed when you’re offline. Wickr CEO and co-founder Nico Sell warns that there are all kind of dangerous websites out there with malware that could compromise your computer and give a hacker access to your data.
This also means not backing up your smartphone to the cloud. Those backups are a treasure trove of data. Everything about you is in that backup. Keep it password protected and local.
Don’t Link Accounts
When Wired’s Mat Honan suffered a hack of his entire digital life in 2012, one of the side victims of his hacking was Gizmodo’s Twitter account. Honan had linked his personal account to Gizmodo’s when he had worked for the publication. When his account was compromised, by proxy so was Gizmodo’s and both accounts began tweeting the nonsense usually associated with hacked Twitter accounts.
In a world where Facebook Login is commonplace and some apps and services only work if you use your Facebook Login credentials, it’s difficult to keep accounts separated. Facebook does offer two-factor authentication so there’s at least a stopgap for the entry into all those linked accounts. But if it’s possible, use a separate account for everything each with its own unique login and password information. It’s also a good idea to see which apps you have linked to your Facebook and Twitter accounts and remove ones that you no longer use.
At some point these made sense. Probably before social networks had us sharing all our personal information with friends, family and then eventually the world. Now security questions like “What’s your mom’s maiden name?” and “What’s the name of your favorite movie?” are easy to answer by anyone that knows how to use Google, since we’ve shared most of that information online. Instead of answering truthfully, come up with unique answers that make zero sense in context. For example: “What’s your favorite food?” could be answered with Buster Table.
Make sure it’s something memorable that has nothing to do with the actual question.
Since you’re already going to start answering questions with lies, you might as well make your online persona a den of fabrications in the name of security. “A lot of times people are disillusioned and feel resistance is impossible and they just give up,” Sell said while talking about people already in the thick of social networking, “the most powerful tool going forward is misinformation.” She recommends changing all the key things that are used by companies as security questions. This includes your birthday, billing address, birth location, and family ties.
Birthdates can prove to be a huge security risk. Just move your birthday on Facebook a few days forward or back and maybe even change the year or you can hide it. Most people won’t even notice and for those that do, just tell them why and suggest they do the same.
Also, if you’re already friends on Facebook with family members, there’s really no need to advertise that you’re also family. A smart hacker can determine your mother’s maiden name via aunts, uncles, cousins, and grandparents. Your mom doesn’t even need to be on Facebook for her maiden name to be known.
Password Protect All Devices
This should be the first thing you do with a smartphone, tablet, or computer. Your computing devices are just giant bags of personal information. If any of them get stolen, why make it easier for the culprits to steal your identity? Plus, you’re not just saving yourself grief, but all of your contacts. Gathering email addresses is the first step in hacking into a person’s accounts.
Site Specific Credit Card Numbers
Many banks and credit cards offer single use and temporary credit card numbers. Use these to your advantage. A credit card number can be used to verify identification. In fact, when Mat Honan was hacked all the hackers needed was the last four digits of his credit card to establish identity. If you are using multiple cards (all tied to the same account so you get one bill) when one account is compromised, it doesn’t lead to a series of accounts being taken over by hackers.
Privatize Your Website
If you own a domain name, chances are your name, address and phone number are freely available to anyone that does a whois query. Fortunately, you can privatize your domain registration. Go to the domain registration site you use (the place where you purchased your domain name). Sign in and look for the option to privatize your information. If you can’t find the option, call the site and have them walk you through the procedure. It’ll probably cost you a few dollars a year, but it’s worth it.
Once again, nothing is hacker-proof if you’re targeted by a very talented individual or state. And some of these precautions may seem like overkill and the ravings of a someone that’s paranoid. But, if you do everything right and it thwarts hackers before they even start, it’s worth it.