HOUSTON—There are new warnings going around the Web this week after a technology journalist had his online identity compromised. There’s a lesson here for all of us.
Mat Honan of Wired.com was hacked and cracked Friday afternoon. Within just a few minutes, the hacker got into Honan’s Apple, Google, Amazon, and Twitter accounts. Since then, the companies involved have looked over their security offerings to see how they can make improvements.
Honan, in the meantime, provided the public with an in-depth look at how it happened.
In short, he said all of his online accounts were “daisy chained” or linked together, allowing someone to use “forgotten password” tools and other methods to figure out his personal information and even part of his credit card number.
The fact is, most people have their online accounts linked together without even knowing it. That’s because most people use the same e-mail address to sign up for various online services and websites.
Think about this: how many of your online accounts are tied into just one e-mail address? From bank accounts to Facebook and even mobile apps, a password isn’t always enough to keep a hacker out.
Honan said Google/Gmail users should all enable the “2-step verification” security option, as that probably would have kept the hackers from taking over his online life.
With 2-step verification enabled, Google will notify you by text message or phone call any time someone tries to log in from an unknown computer or mobile device (that is, a device that has never been used with the account before). This way, should a hacker actually figure out your password, Google will notify you that someone other than you logged in.
Find out more about 2-step verification here: http://support.google.com/accounts/bin/answer.py?hl=en&topic=1056283&answer=185839
Even if you’re not a Gmail user, there are a few tips you can use to prevent this from happening to you:
1 – Use a different, unique password on every website, and change the passwords often
2 – Use a second e-mail address when registering for lesser-known websites or apps (don’t use an address tied to your bank account, etc.)
3 – Only use reputable smartphone apps (look at the reviews and number of downloads; don’t give the app access to your Facebook/Twitter accounts)
Hackers, crackers, and scammers will always try to find a way around online security systems, but following these basic tips will make you less likely to fall victim.