Internet Account Security: Keeping Your Accounts and Sanity Under Control

I’ve been asked a lot recently about keeping internet accounts from getting hacked and I have a few ideas and thoughts I’d like to share with you. Upon reflection I suspect you’ll realize you’ve put a lot of your information on Facebook, Twitter, Google (Drive, Gmail, YouTube, etc.), Apple (iCloud, iTunes, the Mac App Store, etc.), Microsoft (OneDrive, Hotmail, Outlook.com, Office 365, etc.), and many, many others. Perhaps not all, but more than one. Are they secure?

How would you feel if your Facebook account was hacked? If someone used it to spam your friends with ridiculous stuff? If someone changed your password? If someone erased your online pictures? If someone accessed your private e-mail and messages? If it ever happens, help is available but wouldn’t it be better to prevent it? Of course! So here it is … The Token’s prescription for your account security.

First, the common sense steps:

  1. Keep it current!
    • I don’t care if you’re running Windows 7 or Macintosh OS X Lion. Running Linux? Good for you. Keep your operating system (OS), your drivers, and your plug-ins updated. I can’t stress this enough. Yes, sometimes when you update stuff things change. And sometimes you need an update to fix what the last update just changed … but overall you’re going to be thankful you kept it all current. I’m not saying you need to go upgrade to Windows 8. I’m not saying get Yosemite as soon as Apple releases it. I’m saying keep the version of OS you’re on updated. I’m saying when Java says there’s an update available, do it! I’m saying when Adobe Flash Player has an update, make it so. Get the picture? When the developers of your critical software find a flaw they send the fixes, the countermeasures to newly developed software threats, to you through these updates. Forget the old saying, “if it isn’t broke, don’t fix it,” because while your OS and critical applications have not changed, the hackers of the world have created threats that make your old reliable vulnerable.
  2. Take it seriously.
    • When you create your accounts, don’t leave your recovery e-mail address blank. Use your correct date of birth. When you answer those pesky and burdensome security questions, don’t put some silly nonsense just to get past this step! If the crud hits the fan, and you need to regain control of your hacked account, you’ll thank yourself for putting a little thought into it and taking it seriously. In the rare event the service you’re trying to get back into actually has people to talk to on the phone, they will need to verify who you are somehow. If you can’t answer any of the questions, don’t know what method of payment you used, and put nobody@privacy.com as your recovery e-mail … I feel for you when your account is lost forever. If you did this kind of stuff, I highly recommend you correct these “oversights” as soon as possible. Here are links where you can edit account details for many major internet services:
      1. Apple: https://appleid.apple.com/
      2. Google: https://www.google.com/settings/security
      3. Microsoft: https://account.live.com/
      4. Facebook: https://www.facebook.com/settings?tab=security
  3. Change it up a bit.
    • Is your password literally ‘password’ (or a variation like pa55w0rd)? Seriously? Guess what? Hackers know this and the programs they write to hack into accounts try this and a few other known popular password types first. These programs can hack your account in milliseconds. What can you do? If the password is too complex, it will be hard to remember and useless. Too easy and you might as well not have a password at all. Take a little time and come up with a few password types you might recall easily. You’ll find the more frequently you use them the easier you’ll recall them. For example try a combination of an old zip code and a name (45852@Jack). Or try a name of a street you lived on once and an old phone number mixed up with a number series at the end (Main St + 1234567 = M1a2i3n4S5t67#12). This is one of my favorite kinds because when I need to ‘update’ it I can make it M1a2i3n4S5t67#13. You get the picture. Just be sure to use a combination of capital and lower case letters, numbers, and special characters (#$&*!) whenever possible. These make your passwords much harder to hack. Pro Tip: Try to use different passwords for different accounts. If you use the same password for all your accounts and a hacker found it, the creep would have access to all your accounts!
    • Some other great password solutions are available if you’re into tech stuff enough to set it all up. If you’re all Apple and you’ve iOS 7 on your iPhone, iPad, iPod Touch, and OS X 10.9.x Mavericks running on your Macintosh computers you can take advantage of iCloud Keychain. If you’re not, there are other password manager applications that run on all kinds of devices available (I use KeePass myself). These applications can keep your passwords organized and secure (like that old steel ring your dad kept all those keys on). Just make sure the one you select runs on all the kinds of devices you’re likely to use (including tablets and phones).
    • Don’t forget to protect your Wi-Fi signal. If your devices connect to the internet at home using Wi-Fi (or a wireless signal) be sure to have a password set up to connect to it. If you have a lot of nearby neighbors, this is even more important. If you live on or near a college campus – don’t even joke around about this. If you have any questions about your Wi-Fi password or security, contact your Internet Service Provider (ISP) [the people you pay to get on the internet] and ask.
  4. Use Protection! Key loggers are not your friends.
    • Yes, even if you use an Apple computer, it is a good idea to have a virus or malware scanner running on your computer. Check in the Mac App Store for some free scanners. For the Microsoft people out there, Windows Defender comes with Windows … and it is the bare minimum.
    • For better protection on any computer get boxed software available at Best Buy, Office Depot, Fry’s Electronics, etc. If you download your software from the internet make sure you use names you clearly recognize and trust, like Symantec, McAfee, and Kaspersky. Also, once you have an application installed, keep it updated like you keep your Operating System (OS) updated. Every day new viruses are created and just about every day (no joke) you’ll get some updates to your virus detection software.
  5. If you play with fire, you can get burned.
    • Pirate Bay anyone? Think bit torrents are awesome? Love watching free movies and listening to free music? If so, you’re in the danger zone. You’d better know exactly what you’re downloading and what your security settings are or you’ll have unwanted pop-ups (at the very least). I shudder when I try to imagine the worst.
    • Do you know what Tor is? Like scouring the “Dark Web?” If you’re dabbling in this zone your security skills will need to be well beyond mine in order to maintain total control of your security. Get in touch with me and let’s share notes.

Next, the secret weapon that you can use to prevent someone from hacking your account even if they have your username and password. Two-Step Verification! I can’t recommend it enough, but it isn’t for everyone.

“What kind of witchcraft is this!?” you might ask. “How can someone who knows my password be prevented from accessing my account?” Most major services on the web now offer some form of Two-Step Verification. Basically, when logging into your account on a new device (or a different app or browser, even on the same device) for the first time, you’ll be prompted for a special code in addition to your username and password.

Typically this code is sent to you by text or displayed on a code generating application that can run on your phone or mobile device. So if you’re like me, and always have your phone within reach, this is ideal. If you don’t have your phone with you at all times able to receive a text message or generate a code, this feature is likely not for you.

Here’s how it works: After setting up this feature at home I login to Facebook. I have to put in my username, password, and THEN open the code generator application on my phone to type in the current code (which changes every 20 or so seconds). Because I’m at home, the next time I login I don’t have to put in the code because I’ve logged in from home before (I click “Save this browser”). Now, if I’m going to Facebook at the library I will need to do all the above, but click “don’t save this browser” when prompted.

What’s the catch with Two-Step verification? If I don’t have my phone with me, I’m out of luck. And even more importantly, if I lose my phone I will need to login to my account from a computer that I’ve logged in from before in order to update my Two-Step notification settings. What if I don’t have such a device for some reason? Then I have to use a special recovery code that was generated when I set up this feature. If I don’t have my phone *or* a device I’ve previously logged in with *or* my “special recovery code” then my account is forever locked, truly lost in cyberspace. Not even the tech gods can get me back into my account. So put a little time and thought into setting up Two-Step verification for each of your accounts.

Here is some more information on what Two-Step Verification is and how to set it up for some popular services:

USA Today Q&A: What is two-step verification?

Frequently asked questions about two-step verification for Apple ID

MS Windows Two-step verification: FAQ

Google 2-Step Verification

Facebook: What are login approvals? How do I turn this setting on?

Twitter: Using login verification

Ok all, I think that is about enough out of me. Enjoy, share, and keep it safe out there.

One thought on “Internet Account Security: Keeping Your Accounts and Sanity Under Control”

  1. Thanks. This might be obvious info for tech savvy folks but the rest of us need it plain and simple. You’ve made it simple.

    One suggestion for passwords – incorporate some element of the specific site name into your basic password so that every pw is now unique. Example – “WordPress.com”. Take the last 2 letters, ss, and insert in the center of your standard pw – *****ss***** . Amazon would be *****on*****.
