Mat Honan’s terrifying tale of being hacked should make all of us examine our digital security closely. If, like me and many others, a significant part of your life is lived or stored on-line, Honan’s story makes clear how vulnerable you can be.
I’ll probably have more to say about the Honan debacle later, but suffice it to say there are a couple of really important lessons to be learned. The first is that you must have reliable and continuous backup if you care at all about your data. Read Honan’s story to see how devastating, on a personal level, its loss can be.
The second lesson is that you must secure access to your on-line accounts. Honan was the victim of social engineering but there were still things he could have done to help mitigate the damage. One of those things is to lock down your Gmail account. These days, almost everyone has at least one and they often channel multiple accounts through a single Gmail account so that it is their gateway to all their email. The loss or compromise of your Gmail account can be devastating.
One way to prevent that is to use two-factor authentication on your Gmail account. That can work in a couple of ways. The simplest is that when you sign on and give your password, Google will send an SMS message to your phone with a code that you have to enter in addition to the password. You can configure this so that Gmail will trust your computer for 30 days or more so that it isn’t as inconvenient as it might seem at first.
Matt Cutts, the head of the Google Web Spam team, has a nice post and video on how to set things up and some of the ways you can work with the system. I really recommend that you check out his post and video and that you implement two-factor authentication. As Honan’s ordeal makes clear, the downside of failing to do so is just too horrible.
Thanks for the heads-up. Just added the two-factor authentication.
What else can we do to ensure a little more safety? Rotate passwords for one, but it’s a pain. No cloud services :P ….
Thanks for the article. We ALL need to be more proactive about our personal account security. While he can blame both of the big guys (A+A) who failed him, he still needs to blame himself for failing himself as he did. In this day and age we need to learn to stop throwing the blame on to others and step up and take the responsibility of our info. If you don’t trust the site, don’t use it. We have heard a million times: don’t use the same passwords, back up your info, then there is two-factor authentication. 2FA was an option that was made available to him and he did not see the need or want to take the time to set it, so it is his own fault. And that would have limited the damage done. But the sad fact is there are millions of people just like him who are not taking advantage of this awesome functionality that is being offered to them by several sites. I really hope this serves as a wake-up call to companies and individuals alike, for the need to kick this complacent attitude about authentication and passwords. Take advantage of the 2FA which allows us to telesign into our accounts. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.