Last night I was brainstorming several topics to post on the blog in the coming days and then I read the story of Mat Honan in Wired. You can read it here. Mat is a writer for Wired magazine and was recently severely hacked, resulting in the loss of digital files, financial risk, and embarrassing posts on social media. What’s scary about this story is that Honan was not irresponsible, and he is reflective of many of us who live in the cloud. He had Gmail, Mac.com, Amazon, and Twitter accounts as part of his digital life. He also had a subscription to Apple’s iCloud, which acts as cloud storage for Apple products but also gives you corporate-like security features to locate lost Macs, iPhones, or iPads and wipe them clean remotely. In a single hour, hackers used these services to infiltrate Honan’s digital life, wreak havoc, and then wipe it clean. Here’s how he describes it.
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
Honan’s description of his ordeal is terrifying for those living a digital life. Many of us mirror his exact setup of cloud services and hardware. Obviously, the average Joe is less likely to fall victim to a hacker like this who is trying to make a point, but just the same, it exposes the vulnerability still present in these services, especially when the services are offered by several providers. In Honan’s case he was using Apple, Google, Amazon, and Twitter, and he reports that Apple’s and Amazon’s customer service systems left him the most vulnerable. Honan also points out that our lives are increasingly moving digital and into the cloud and that we need to seriously consider our security.
So how do we improve our digital security? I’m definitely not an expert, but here are a few tips I’ve found. First, in relation to the issues identified in Honan’s case, Michael Rose from The Unofficial Apple Weblog (TUAW) offers the following advice.
- Don’t use your iCloud email account as a password recovery account for Gmail, Hotmail, Yahoo! Mail, etc. You can and probably should set up a “blind” account for password recovery on a service you don’t use for any other purpose, with an address that is never publicized or used to sign into social media sites.
- Use different payment methods for iTunes/iCloud and for Amazon.
- Don’t save credit cards on your Amazon account. Keeping your last four digits off of Amazon’s servers means they can’t be shared with bad guys.
- Turn ON two-factor authentication where possible. Google allows you to set your account to require a separate check via cellphone or the Google Authenticator app when you log in from a new machine or when you try to change security settings. (Counterpoint: Security expert Bruce Schneier did not think much of two-factor auth back in 2005.)
- Turn off Find My Mac. Until Apple closes this hole, the risk of someone hacking your iCloud account for kicks and wiping your hard drive in the process is unknowable — but probably too high.
- Back up, back up, back up.
You can read the full post here.
One additional service I recommend is 1Password. I discovered 1Password several years ago, when I had so many accounts, and the security rules were forcing me (for the good) to use so many varying logins and passwords, that I could not keep up. 1Password is a program that works on Macs and PCs as well as iPhones, iPads, and Androids and serves two key purposes (and more): 1) it securely tracks all of your logins and passwords in one place and lets you log in, right in the browser, to any site whose credentials you’ve saved, and 2) it provides a password generator that can match any site’s maximum security rules, so you can have a completely unique and complex password for every credit card and digital account you have. This is one of my go-to programs.
In the days and weeks to come, I predict this story is going to grow and result in several changes to the security of our digital services. I also believe it will raise awareness of digital vulnerability. While I do believe Honan was mainly a target because he was a high-profile tech personality, it should make all of us a little more aware and hypervigilant. I know many of us would be devastated if we lost our digital life or had our devices wiped and left inoperable. I sympathized as he described losing pictures of his child’s first year. Take your security seriously and follow the advice posted in the coming days to reduce your digital risk.
20 Day Challenge Learnings – This morning I sat down again at the start of the day to write. I’m finding that’s a preferred approach. I usually spend the first 30-60 minutes of my day warming up and the posting is meshing with that. It also makes me feel good to have it done. I did remember to pull out my iPhone and start the stopwatch when I began typing, so I’ll have a time at the end. Even though this topic seemed to flow, it still took me some time. I continue to see increased traffic to the website since I started the challenge and continue to post on social media. I also have noted what I would call increased interaction from followers. Retweets and sharing are still light, but contact from individuals and mention that they are following the posts has increased. Last night I brainstormed some topics for upcoming posts, which should help in planning the days ahead. So far, being in Austin (versus the road) seems to help. We’ll have to see how my success changes when I hit the road again next week and am traveling for more than a week. I’ll continue to press on. Please comment below and tell me how I am doing.
End Time: 45 minutes