60-minute security makeover: Prevent your own 'epic hack'

Got an hour? Here are some ways to better secure your digital life.

Page 3 of 3

Issue: Linking your online accounts

Threat: Whenever you've got accounts that are tied together, a breach in one puts others at risk. For example, if you use Facebook, Twitter or your Gmail address to log into other places, a hacker who gets into one account may be able to use it to get into others.

Defense: Be wary about what Honan called "daisy chaining" your accounts -- setting them up so that having access to one gives access to others. And if you are using one account to access others, make sure that account has its own email address and a secure password. This isn't complete protection, just as locking your car doesn't necessarily prevent things inside from being stolen; but it may send lesser-skilled or impatient thieves elsewhere.

Time: Varied: 2-3 minutes to change logins and passwords per account, but it could take more time to update additional apps that depend on such logins.
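To see how far a single breach travels through "daisy chained" accounts, the sketch below (an added example, not part of the original article) walks a map of which account unlocks which. The account names and their links are constructed for illustration.

```python
from collections import deque

# Constructed sample: account -> accounts that can be used to get into it
# (social login, password-reset address). All names are hypothetical.
ACCESS_VIA = {
    "gmail": ["backup_mail"],      # reset mail goes to the backup address
    "backup_mail": [],
    "facebook": ["gmail"],         # password reset goes to Gmail
    "twitter": ["gmail"],
    "photo_site": ["facebook"],    # "Log in with Facebook"
    "news_site": ["twitter"],      # "Sign in with Twitter"
    "bank": [],                    # own email address, own password
}

def blast_radius(access_via, breached):
    """Return every other account that falls once `breached` is taken over."""
    # Invert the map: account -> accounts it unlocks.
    unlocks = {account: [] for account in access_via}
    for account, deps in access_via.items():
        for dep in deps:
            unlocks.setdefault(dep, []).append(account)
    # Breadth-first walk along the chain of unlocked accounts.
    seen, queue = {breached}, deque([breached])
    while queue:
        for nxt in unlocks.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {breached}

def rank_by_exposure(access_via):
    """Accounts sorted by how many others fall with them, worst first."""
    scores = {a: len(blast_radius(access_via, a)) for a in access_via}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for account, count in rank_by_exposure(ACCESS_VIA):
        print(f"{account:12} exposes {count} other account(s)")
```

The accounts at the top of the ranking are the ones that most need their own email address and a unique password.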

Issue: Using weak passwords -- or reusing them across accounts

Threat: While this wasn't an issue in Honan's hack, it remains a significant problem as passwords continue to be leaked -- such as the publication of 450,000 Yahoo passwords that were stored in plain text -- or guessed. Once email/password combos are leaked, it's likely that malicious hackers will try them elsewhere.

Defense: We've heard it before, but, like eating our five servings of vegetables daily, many of us still don't follow best practices when creating our passwords. Why? It's just too tough to remember multiple strong passwords, and also annoying to have to type them in -- especially on mobile devices with small on-screen keyboards.

There are various strategies for creating tough passwords -- ones that you can remember but that aren't easily guessed by a human (which means you don't want to use easily learned data about yourself, or "password123") or by a computer in a brute-force attack (words in the dictionary). For example, one approach is to use the initial letters of a long sentence with numbers and punctuation tossed in, such as IwtgttGCfm4b, which one might remember from "I want to go to the Grand Canyon for my 40th birthday."

However, unless you've also got a system for tying a specific sequence to a certain site, this will likely get unwieldy for more than a few passwords.

For lots of sites, it may be helpful to use a multi-platform password manager that can generate, remember and fill in your complex passwords. Just be sure you create an extremely secure master password for that, and never write it down or store it unencrypted.

Time: Downloading, installing and setting up a password manager: 15-20 minutes. Updating existing passwords: 1-2 minutes per site -- something else you may want to do as you naturally visit each site where you have an account, rather than all at once.
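A quick self-audit for the two problems named in this section, reuse across accounts and guessable passwords, as an added example that is not part of the original article. The vault entries, the short common-password list, the personal terms and the 12-character minimum are all assumptions made for illustration.

```python
from collections import defaultdict

# Tiny constructed list; a real audit would load a much larger one.
COMMON = {"password", "password123", "123456", "qwerty", "letmein"}
MIN_LENGTH = 12  # assumed threshold, not a figure from the article

def find_reuse(vault):
    """Group sites that share a password; returns site names only."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return sorted(sorted(s) for s in by_password.values() if len(s) > 1)

def find_weak(vault, personal_terms):
    """Map each site to the reasons its password is easy to guess."""
    weak = {}
    for site, password in vault.items():
        lowered = password.lower()
        reasons = []
        if lowered in COMMON:
            reasons.append("common password")
        if any(term.lower() in lowered for term in personal_terms):
            reasons.append("contains personal data")
        if len(password) < MIN_LENGTH:
            reasons.append(f"shorter than {MIN_LENGTH} characters")
        if reasons:
            weak[site] = reasons
    return weak

# Constructed sample vault and easily learned facts about its owner.
SAMPLE_VAULT = {
    "mail": "Mc7rwtB!ot2s",
    "shop": "password123",
    "forum": "password123",
    "bank": "Rex2009!",
    "photos": "v9#Lq2!xTz0pWm",
}
SAMPLE_PERSONAL = ["rex", "2009"]  # e.g. a pet's name and a year

if __name__ == "__main__":
    for group in find_reuse(SAMPLE_VAULT):
        print("same password on:", ", ".join(group))
    for site, reasons in sorted(find_weak(SAMPLE_VAULT, SAMPLE_PERSONAL).items()):
        print(f"{site}: {'; '.join(reasons)}")
```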

Issue: Storing sensitive data on your mobile device

Threat: Hackers can't count on being around if your phone falls out of your pocket, but your mobile device may be even more valuable than your wallet to a thief, and more vulnerable to loss. Imagine what a malicious hacker could do with access to all of your apps and email accounts.

Defense: If your mobile device leaves your home and can access your email, social media, shopping and especially financial accounts, it needs to be PIN- or password-protected. While you may not want to have to type in the complex string of digits, uppercase letters, lowercase letters and punctuation marks you use for financial accounts, you do want more security than a simple screen slide if someone else finds your device.

To set up a lock-screen passcode in iOS, go to Settings --> General --> Passcode Lock. You can find screen-locking options in Android under the Security options in Settings.

Depending on your mobile OS and management software, you might also be able to have data encrypted. In iOS, some data is encrypted once a passcode is set; Android 4.0 will add an encryption password if you enable it. Alternatively, you can set your device to automatically wipe its data after a maximum number of failed entry attempts.

Time: Setting up a password or PIN on your device: 2-3 minutes. Inputting your password when you want to use your device: less than a minute.


Is it possible to make your email, social media and other online accounts 100% hack-proof? Probably not. But if you've got an hour to invest, you can shore up your defenses so at least you're a tougher target.

Sharon Machlis is online managing editor at Computerworld. Her e-mail address is smachlis@computerworld.com. You can follow her on Twitter @sharon000, on Facebook, on Google+ or by subscribing to her RSS feeds: articles | blogs.

See more by Sharon Machlis on Computerworld.com.

Copyright © 2012 IDG Communications, Inc.
