Every tech pundit out there has been talking about the heartbreaking story of Mat Honan of Wired and how hackers used social engineering to gain access to one of his accounts, and the chain reaction results.
One of Honan’s problems stemmed from how his accounts were daisy-chained together. `The recovery email for one account led to another, account names on different networks were consistent, etc. Figuring out how to mitigate this requires some thought. We have multiple email accounts, and it will probably require some diagramming and planning to figure everything out there.
Then there are passwords. We admit to people all the time that we don’t even know half our passwords. We use a two-pronged attack on this. One is the open-source, multi-platform app KeePass. KeePass offers a password vault stored as a file, encrypted using a single Master Password. All of the passwords in it are generated by the program and impossible for most people to remember.
We also use Lastpass as a service. Lastpass has a plugin for every browser, offers one click login, form filling, and more. The basic service is free, but the premium version adds mobile support and additional features. We’re not using half of the options that it offers, even with the $12 a year we give them for premium.
But, as part of a redundant philosophy, you should have your most important passwords in multiple locations. Also, having passwords even you don’t know in vault means you can easily change your credentials regularly for individual sites, should you choose to. do so.
Two factor authentication, although it could be a bit more user friendly, is enabled for all Google accounts and Lastpass. This is not a challenge for hackers to hack. There’s nothing very interesting there anyway.
In security, the mantra is trust no one. Try to walk the line between paranoia and rationality very carefully.
The second issue is backup. This is an area where we could be better. We have a backup plan that needs to be upgraded. We have various cloud backup solutions, and a few local ones. They need to be unified. We’ll get back to this in a future post, once we create a checklist.
But, for those of you out there, let’s cover a few basics. Periodically, extract your online data and store a copy somewhere, both locally and remotely, in addition to your cloud storage. Try a relative’s house. The likelihood of you and your relative both suffering calamities is probably slim. Remember that sending your data to a remote drive and deleting your original copy is an archive, not a backup.
Make a plan, automate as much as possible, because manual action is so easy to get behind on.
So, backup, secure your accounts, do some planning…we’ll be back with more. Consider yourself warned.
- Tips From Mat Honan After the Hack that Brought Down his Cloud(pbs.org)
- The inside story of how hackers destroyed Mat Honan’s digital life(theverge.com)
- Amazon fixes security flaw hackers used against Wired’s Mat Honan(arstechnica.com)
- Google, Amazon, Apple Security Flaws Could Mean Vulnerability for All Their Users – Including E-Book Buyers(the-digital-reader.com)
- The very four digits that Amazon considers unimportant…(lastinfirstout.net)
- 6 Things You Can Do Today To Secure Your Online Identity(apartmenttherapy.com)
- PSA: Enable Google Two-Factor Authentication(bostinno.com)
- How To Protect Yourself From Amazon’s and Apple’s Gaping Security Holes(tested.com)
- Enable These Two Features Now for a More Secure LastPass [Lastpass](lifehacker.com)
- 11 Ways to Make Your LastPass Account Even More Secure(howtogeek.com)