In the past months, every online web service appears to be a target for hacking or just plain old fashion social engineering. LinkedIn passwords were hacked in June. Yahoo leaked online account information in July. Dropbox dropped the ball (again) in August. An Amazon & iCloud social hack devastated an online blogger after a hacker took control, reset his iPhone, wiped his iPad, formatted his MacBook, and locked him out of his Gmail and Twitter accounts!
What we have learned is three fold:
- Never use the same password twice!
- Use “disposable” Credit Card numbers; or at the least, do not use the same credit card for Amazon as Apple.
- Always use Two Factor Authentication when available!
How to use unique passwords everywhere
Never use the same password for multiple websites. This is especially important when dealing with financial websites. Your bank password should not match your facebook password and should ideally be 20 characters in length! And if you manage your own website, having managed dedicated server hosting plans for your website can decrease the chances of your site being breached.
You need to use a password manager application to keep track of everything. I recommend KeePass as it is Open Source and Free (as in beer). It allows you to not just save passwords, but has a password generator so you don’t have to think one up. It also makes copy and pasting that password a breeze. If you store your KeePass database file in your DropBox folder, you will have updated access to your passwords from your work computer, home computer, laptop, smartphone, etc. See the tutorial video below for more info on how to get started.
KeePass Video Tutorial (YouTube link)
Use disposable credit card numbers
Just like you should use a different password for every website, you should also use a different credit card. Unfortunately, this advice varies greatly between financial institutions. The best way to go about this is to check if your credit card company offers “Virtual Cards,” “disposable,” “temporary” or “one-time use” numbers. A virtual credit card number can firewall online transaction from your regular account.
Read more: 6 things to know about virtual credit card numbers
If your lending institution does not have a virtual card number program, consider removing all Amazon payment methods. The iCloud / Amazon social engineering “hack” was accomplished because Amazon shows the last four digits of your registered credit card on file without authentication. Apple uses those same four digits to reset iCloud password data. How to Delete Payment Methods from Amazon
Use Two Factor Authentication
This has been written up all over the Internet. The important part to realize is that it is only a minor inconvenience to set up the authentication ONE TIME. After that, everything works the same as it does now. Added benefit, you get a text message every time a new computer or device accesses your GMail. That is especially handy for those who have recently gone through a break-up. Ex-significant others often times know your password or know enough about you to guess the security challenge questions and gain access to your online accounts.
A how-to guide on Google’s Two Factor Authentication. A must read for anyone with a Gmail account.
No excuses: It’s time to turn on two-step authentication
Here is Google’s own step by step guide on how to set this up:
Getting started with 2-step verification
And a good article about how two factor authentication is a good idea everywhere, not just GMail. You might check to see if your bank and credit card websites offer such protection. I know I am looking into this for myself right now!
What You Need to Know About Two-Factor Authentication