The Four Things You Need To Do Right Now To Avoid Getting Hacked

Aug. 7 2012 4:56 PM

How Not To Get Hacked

The four things you need to do right now to avoid the fate of tech writer Mat Honan.

(Continued from Page 2)

3) Remote wiping is unnecessary. Turn off “Find My Mac.” Instead, encrypt your data.

Being able to find your lost devices sounds great. You paid a lot for that tablet, phone, and laptop. Why wouldn’t you want to locate it if it’s gone? And if someone else has it, wouldn’t you want to delete your stuff remotely so that they can’t monkey with your data?

In theory, sure. But the way that Apple implements its “Find My” system isn’t very secure. If a hacker gets into your iCloud account, he doesn’t need any other credentials to find your devices and delete all your data. That’s what happened to Honan, and it could happen to you, too.

Until Apple figures out a better way to protect against others wiping your data (perhaps by requiring a second form of authentication for remote wipes), you should turn off Find My Mac.

But what happens if someone gets your computer—how will you prevent unauthorized access to your data if your computer gets into the wrong hands? It turns out there’s a better security system than remote delete: It’s called whole-disk encryption, and it’s built into the Mac and some versions of Windows. You just have to turn it on. (Here’s how to do so in Mac OS Lion, and here’s how to do so in the Ultimate or Enterprise versions of Windows 7.)

Whole-disk encryption works by scrambling all of the bits on your entire hard drive; the only way to gain access to the data is by entering a password. (Here, too, of course, it would be better if two forms of authentication were required.) Turning encryption on slows down your computer by a tiny bit, but it’s not that big of a deal. And when your computer is gone, you can be sure that your data is safe—unless the hacker knows your password, your data will remain hidden to him.

4) Password recovery is a menace. Make sure your accounts aren’t daisy-chained together.

Lastly, you should examine how your various online accounts are linked through forgotten password request services. In particular, look up your various important email accounts, financial accounts, social networks, and other services. Each of these accounts will ask you for an email address where your password requests should be sent.

If they’re all pointing to one another, a single hack could let an attacker get into everything else. For instance, if Gmail is set to send password resets to your Apple account, and your bank is sending requests to Gmail, then all the hacker needs to do to wreak havoc on your finances is steal your iTunes password (which is probably not very strong, because you hate typing out a tough password on a touchscreen to download apps). With your iTunes password, he can get into Gmail through a password request, and once inside Gmail, another password request will let him into your bank. This is exactly what happened to Honan.

What should you do about this? I would create a single, secret, ultra-secure email address that you designate as the one place to send all password resets. What do I mean by ultra-secure? I mean a new Gmail account—something like betyoucantguessthis@gmail.com—with a very strong password and two-factor authentication turned on. Now go to all your other accounts and have them send password requests to this secret address. It’s important that you don’t use this address for anything else—don’t send mail from it, don’t use it to sign up for newsletters, don’t let anyone know that it has anything to do with you. As long as it remains secret, any password resets that are sent its way should be safe.
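To audit your own accounts for the daisy-chaining described above, the following added example (not part of the original article) treats reset links as a graph and lists which accounts fall if one is taken over. The account names and both sample maps are constructed for illustration; "vault" stands for the dedicated secret reset address.

```python
def blast_radius(recovery, start):
    """Return the accounts that can be reset once `start` is taken over.

    `recovery` maps each account to the account that receives its
    password-reset mail, or None if resets go nowhere we track.
    """
    # Invert the map: mailbox -> accounts whose reset mail lands in it.
    resets_into = {}
    for account, mailbox in recovery.items():
        if mailbox is not None:
            resets_into.setdefault(mailbox, set()).add(account)

    exposed, stack = set(), [start]
    while stack:
        current = stack.pop()
        for victim in resets_into.get(current, ()):
            # Skip accounts already counted so reset loops terminate.
            if victim != start and victim not in exposed:
                exposed.add(victim)
                stack.append(victim)
    return exposed


def audit(recovery):
    """Blast radius for every account, as sorted lists for easy reading."""
    return {acct: sorted(blast_radius(recovery, acct)) for acct in recovery}


# Constructed sample: accounts pointing at one another, as in the article.
CHAINED = {"apple": "gmail", "gmail": "apple", "bank": "gmail", "social": "gmail"}

# Constructed sample: every reset goes to one dedicated, unused address.
HARDENED = {"vault": None, "apple": "vault", "gmail": "vault",
            "bank": "vault", "social": "vault"}

if __name__ == "__main__":
    for name, config in (("chained", CHAINED), ("hardened", HARDENED)):
        print(name)
        for account, exposed in audit(config).items():
            print(f"  {account}: {', '.join(exposed) or 'nothing else'}")
```

In the hardened map, losing any everyday account exposes nothing else, but the vault address reaches everything, which is why it needs the strong password, two-factor authentication, and secrecy.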

Nothing online is perfectly secure—determined hackers can get into anything if they really put their minds to it. But the guy who attacked Honan wasn’t some mastermind. He was a kid who just wanted to wreak havoc, and he happened to know about a few key vulnerabilities at Apple, Amazon, and in the systems that govern our online lives. But a few simple steps would have made his attack much more difficult. The stuff I’m suggesting isn’t hard to do. You should do it now.
