Another day, another service hacked – if you haven’t been affected by it, how long before it hits you? It’s been a little over a month since we were shocked by the Celebrity Photo Leak, from an apparent hack of weak iCloud backup passwords. Today we have the Snapsaved leak, where possibly 98,000 user accounts have been violated, and about 200,000 photos are now out in the wild. The news that many of the revealing pictures could be of minors makes the whole affair even more alarming. Just hours after this hit the news cycle came another shockwave: Dropbox has been breached, or at least 6.9 million users’ passwords have been hacked. Details are still emerging about each hack, and there’s a lot of buzz on 4chan and reddit that is yet to be culled.
It feels like we’re back in the wild west days of the web, where everything about everyone is up for grabs. On the one hand you’re constantly being coaxed into trying out new apps on your phone and online, while on the other hand all it takes is one slip-up to cause anything from mild embarrassment to lasting psychological trauma. There’s only so much we can do, and here are some tips on how you could better protect yourself online.
1. App Login Mania – Another download, another login, feeling password fatigue yet? It’s only fair to feel the urge to use our existing Facebook, Twitter, LinkedIn or Google profiles to quickly log in and get started with every exciting new app. Sadly, that’s precisely where things can go wrong. Once apps have access to your social profiles, they can wreak havoc if they’re not managed responsibly. While this is quite rare, and most developers take the responsibility quite seriously, you need to be cautious when letting apps connect to your social accounts.
Here’s what you can do: occasionally conduct some spring cleaning and revoke the access of any apps and websites you don’t use often to your Facebook, Twitter, Google and LinkedIn profiles. Also, if you’re just testing out an app for a short time, use an email (preferably not your primary email) to sign up.
2. What’s In A Click – A lot. Tell me if this sounds familiar: a funny cat video rolls up in your Facebook feed, a friend of yours has shared it with you, and you hit the prominent play button. Instead of playing the video, you find yourself on another site asking you to do just a wee bit more before you can finally see that kitten unload its furry cuteness. This is an incredibly popular method used to hijack your account and breach your privacy. Lovingly called click baiting, it’s used by marketers and malicious users alike, and it’s an altogether unpleasant experience where you’re baited and then switched (misdirected) away from the content you were originally there for. It often leaves your social account open to all kinds of exploits. Facebook has been cracking down on these links, but there are still many floating around on all your social networks at this very moment.
Your best defense is your common sense. If the content seems odd, doesn’t fit what your friends usually post, has a weird URL in the link, takes you to another site without your permission, or has just asked you for access to your profile, you should tread carefully: flag it as spam, close the window, then sit back and breathe a sigh of relief at the close call you just had.
3. One Password To Rule Them All – We all have that one password we love above all others. It’s funny, it’s been here forever, and it’s still the one that you use to access a lot of other services. It also sends your social profiles falling over like dominoes if even one account is breached. Despite how quick and convenient it might seem to have just that one password, you really need to ditch that password in the fiery pits of Mount Doom. Using different passwords for different accounts is great advice that we ignore all too often. A password loses its potency for a variety of reasons: you could have used it on an infected computer, it was captured over an insecure wifi connection at your local café, someone was just looking over your shoulder as you keyed it in, or maybe it was an emergency and you needed to ask someone to log in to your email to check your airline reservations. There are a million dumb ways to kill your security, but protecting it is a lot easier.
Services like LastPass and 1Password have long offered reliable ways to generate and manage multiple accounts and passwords. If configured and used wisely, these tools allow you to quickly and painlessly enjoy the joys of online security. Note: As an added precaution, I also recommend frequently downloading your passwords in encrypted backups and saving them someplace safe.
4. Alright, It’s You…Now Prove It – Two-factor authentication, or multi-factor authentication, is an incredibly effective method to stop blackhat hackers in their tracks. After you’ve entered your password for a service, it essentially prompts you for a one-time confirmation code to check if you really are who you claim to be. It challenges you for this authentication code if you use your password on a new computer, an unfamiliar smartphone, or even if you’re traveling overseas and log in from a different country. Bet you’re starting to see how this can stop an intruder in their tracks even if they’ve somehow managed to get their hands on your password.
Facebook, Gmail and many other services offer multi-factor authentication as an added precaution to secure user accounts. It’s always a good idea to enable this feature to ensure you’re safe. Popular authentication services that support this feature include Google Authenticator and Authy.
5. Common Sense Above All Else – If you have a picture you’d rather never show anyone on the phone tucked away in your pocket, frequently stuff a text file or email draft full of key passwords and credit card numbers, or use a simple password for phone backups, you’re on thin ice. Protecting your data is your responsibility before all else. While phones become our sole passports for travel, financial payments, health and work, they also share space with millions of apps, a number growing each day, so caution is only sensible. Lightning fast 4G LTE speeds spirit away photos and videos from our phones to their cloud backups before we’re even done using the camera app. Mobile and web technologies are new, they’re potent and they’re evolving rapidly, and we need to keep pace with them. In the end however, let your common sense prevail.
Do you have a system or method to ensure your information is safe online? Let me know in the comments.