If you haven’t been paying attention to the Internet these past few days then you would be surprised to learn that several famous celebrities, including Oscar winner Jessica Lawrence, have had their phones hacked in to and a variety of pictures stolen. Some were tame and others were of a sexual nature (including nude pictures). Out of respect of the privacy for these individuals we will not be linking to the pictures themselves. Whilst it will still take time for us to understand how the hack occurred (reports vary stating that there may have been one or even a small group of hackers) we thought that we would take this opportunity to present some tips on how to protect yourself online.
It is, unfortunately, easier than you would think to hack into someone’s private account. Yes there are a range of technically skilled hackers all over the world who could engineer code that would get them past this firewall or that firewall. Yet in many cases most hacking comes down less to coding savvy and more to listening.
That’s right. Listening.
Because more often than not you are revealing, through your tweets or Facebook posts, exactly what answers someone needs in order to hack into your account. It’s called Social Hacking.
Whenever you sign up to Google, Apple, Microsoft or Facebook you are often asked to answer several security questions to prove your identity in the event that you need to have your password reset. These questions often appear mundane or useless and examples include:
- What street you grew up on?
- The name of your favourite band?
- The city your parents met?
- Your nickname in high school?
- Your mother’s maiden name?
- The name of your first pet?
All of these are questions that only you would know. Unfortunately they’re also questions that you may often reveal accidentally, without forethought or in your average conversation with friends. Let’s say that you’re tweeting with friends about a range of topics and soon you’re talking about your pets. It’s easy enough for you to talk about the first dog that you had and how you remember him fondly. A determined hacker only has to search through your tweets for keywords (animal, pet, dog etc) and will quickly come across this conversation. If one of your security questions is about your pet dog then he’s 1/3 of the way into your account. It’s that simple.
So how do you prevent all this?
Use a different city where your parents met in your questions, or perhaps you should give the band that you absolutely HATED in high school? All of these are things that you won’t accidentally reveal through social conversations. Just try to remember exactly what city you put in or nickname you lied about.
So once you’ve got your security questions faked there are some other online safety tips for you to learn:
Strong passwords: Oh gosh we can’t stress this enough. ‘Password’, ‘Password1’ or ‘123456’ are NOT GOOD PASSWORDS. Our recommendation is to use a password manager (we use 1Password here) this will allow you to create passwords of 70+ characters that are completely random. You won’t ever have to think about what password you need for each site…you just need to remember your ‘master password’.
2 Factor Authentication: This is a new but important step. 2 factor authentication kicks in whenever you want to log in to your various accounts. Basically every time you want to do something with your account you must have your phone next to you. Before you can change something, send money to someone or alter a password you will get a code via SMS to your phone. This makes hacking almost impossible because it is highly unlikely that the hacker will both know your security questions AND have access to your phone.
The internet is a crazy place and there are a lot of insane people there. It can, however, also be absolutely wonderful. You just need to stay safe.