If you’ve already got New Year’s resolutions, these six steps to protecting your identity online will be the easiest one of the bunch, and will only take a few hours. The year 2012 may well be remembered as the year we woke up to the threat hackers pose to our online identities. One of the year’s most read stories was Mat Honan’s horrifying account of having his online identity stolen and the subsequent loss of data that resulted because a hacker wanted to take his Twitter account on a mischievous joy ride. After reading about the attack I spent a couple hours to safeguard my own accounts in order to minimize the chance such an attack could happen to me. With the new year upon us, now is the perfect time to take your own precautions.
The most frightening aspect of the attack Honan suffered was that his passwords were never compromised. The hackers gained access to his Twitter, Gmail, Amazon, and Apple accounts through social engineering—essentially they exploited system vulnerabilities and tricked customer service agents into resetting passwords in order to take control of his accounts. Not once did they actually figure out one of his passwords.
With our lives becoming more digital each day it’s essential we start taking some precautions. While there is no 100 percent guarantee against being attacked these seven steps will certainly help. You don’t have to tackle every step at once, or even in order, every bit makes your digital world a bit more secure—so start today with at least one of these steps.
Step 1: Use strong passwords (time requirement: ongoing + 2-4 hours to fix old passwords)
Passwords have always been a thorn in our side. They’re often too short or too common, easy to hack, or too long you can’t remember them. The sad truth is even the best ones may not be enough to keep you safe but you’ll be significantly safer if you keep these tips in mind when creating your passwords.
- Don’t use words from the dictionary
- Don’t use any of the most common passwords (i.e. password, 123456, abc123)
- Use long passwords you can remember
- Don’t reuse passwords on multiple sites, which means you’ll need a password management tool to remember them all (see step #5).
Step 2: Enable two step authentication (time requirement: 20 minutes)
Think of two step (aka two factor) authentication as the second layer of security between you and a would be hacker. The basic idea is that a password is not enough to access the website, a second form of identification will be needed. For consumer websites this takes the form of a random set of numbers sent to you in text message or on an app. Not all websites offer two step authentication but for those that do it’s well worth the few minutes it takes to set up. Follow the links for setup instructions on these popular websites.
Step 3: Remove your personal information from online sites such as Spokeo and WhitePages.com (time requirement: 20 minutes)
You’d be surprised how much information about you is available online. Using just a first and last name and a bit of online sleuthing, it’s easy to find almost anyone’s address and birth date. This type of information is a treasure trove for would-be hackers. It can be used to gain access to popular web properties such as Apple or Amazon via a quick phone call to customer service. After a few high profile hacks some companies have started to address this problem but it’s far from being solved. Take a few minutes and delist yourself from Spokeo (instructions) and WhitePages.com (instructions). While those are two of the most accessible locations for your information, they are not the only ones.
Step 4: Give fake answers to security questions (time requirement: ongoing)
Consider the security questions you fill out when registering for a website a second password. Using a combination of publicly available information (see step 3) and your own social network posts it’s not difficult for a hacker to figure out the answer to commonly asked security questions such as city of birth, mother's maiden name, or your first car. Giving real answers to these questions makes it easy for anyone to access your account. If the website offers it, create a custom security question. If not, give fake answers, just be sure you remember them.
Step 5: Use password management tools (time requirement: 2-6 hours—depending on how many passwords you have)
If you follow the advice in step 1 you’ll end up with hundreds of passwords that you’ll never be able remember. The trick to keeping all these passwords straight is a password management tool such as 1Password or LastPass. They act as a vault for all your passwords, storing them securely and allowing you to look them up wherever (computer, mobile phone, or even in a browser extension), and whenever needed. It’ll take a few hours to set up, but consider it a long, overdue spring cleaning. You’ve probably got passwords written in text files, or sticky notes, or in email. Consolidating these in a secure location is not only a good idea it’ll make your life much easier.
Step 6: Backup your data (time requirement: 1-4 hours of setup)
In and of itself backing up your computer is not going to protect you from being hacked but it’ll be a lifesaver if it happens to you. When Mat Honan was hacked, the perpetrators remotely wiped his computer to throw him off the scent. Without a backup he lost everything including precious photos from the first year of his child’s life.
These days backing up your computer is easy. I recommend setting up two backup systems: one that backups to an external hard drive in your home, and the other that backups to the cloud. But doing just one of the two is a great first step.
Time Machine (for Mac users only)
Time Machine has been built into Mac OSX since 2007. After a few simple setup steps it runs continuously in the background keeping not only the latest copy of your data on an external hard drive but previous versions as well. I’d recommend buying a Time Capsule so everything happens over your wireless network but cheaper external hard drives work just as well, you’ll just need to remember to connect them to your computer regularly.
Backup to the Cloud
One of the disadvantages of the Time Machine is that your data is backed up to a hard drive stored in your house. This makes recovering files easy, but it means you’re still vulnerable to loss from things like natural disasters or theft. Storing a copy of your data in the Cloud solves these problems.
Expect to pay about $50 a year for a Cloud-based backup service. It’s a great price considering your computer is full of irreplaceable pictures, documents, music, and much more. Personally I use Backblaze. Once you install their application it’ll run in the background, continuously uploading your data to their servers. The initial backup may take few days depending on how much you’re storing on your computer, but once that’s complete only changes or new files need to be uploaded and that will occur automatically in the background. If you want to do some comparison shopping check out Mozy and Carbonite.
Step 7: Check if you should change your password (time requirement: 10 minutes)
Should I Change My Password is an ingenious little site that combs the depths of the internet to find email and password data sets that have been hacked, leaked or compromised. You enter your email address (anonymously of course) and they’ll tell you if any of your accounts were included in these breaches. If so, be sure to change your password wherever you use that one.
All these steps may seem a bit daunting so start with one or two and slowly make your way through them all. Doing just a few of the easy ones is better than doing nothing at all. But I strongly suggest you take them all on as a New Year’s resolution. Once the unthinkable has happened (bank accounts emptied, computer erased, or some embarrassing rants sent out from your Twitter account) there is very little you can do to fix the problem. Your online security is one of those things you need to address before a problem arises.