Sunday, August 12, 2012

What the Web Learned From One Epic Hack

As you've heard by now, this past weekend a tech journalist suffered one of the most malevolent hacks we've heard of: digital invaders broke into Wired and former Gizmodo contributor Mat Honan's Twitter and Google accounts (deleting his Google account and using it to break into Gizmodo's Twitter), wiped his iPhone and iPad, and deleted files and irreplaceable family photos that he didn't have backed up.

As a result, the Internet became a weeklong seminar on how to not be like Mat, starting with Honan himself, who admirably posted lengthy accounts of the disaster and why it happened to show people what they could do differently. Here's what the Web is saying:

For Goodness' Sake, Use Two-Step Google Account Verification.


Writing in the aftermath of the attack, Honan said the ordeal might have been prevented if he'd had two-step verification on his Google account. When James Fallows at The Atlantic issued a lengthy call for everyone to turn on this feature immediately, I did. It's one of those 5- to 10-minute commitments you'll do once and wish you'd done ages ago.

The idea of two-step verification is that no one will be able to break into your Gmail if they don't also have your phone. When you type your password to log in, Google takes you to an intermediate screen where it asks you to input a six-digit code sent to your phone. Enter the code and you're logged in. If you have a smartphone, you can download the Google Authenticator app, which is designed to be even more secure than simply having Google send you a text containing the code. Authenticator cycles through six-digit codes, refreshing automatically; you use the newest code to log in to your Google account on the Web. It's also convenient for when you don't have Internet access. (Google also recommends actually printing out the extra codes it gives you in case you're without phone and Internet.) I'd recommend the authenticator not only for the security, but also because it feels so cloak-and-dagger.
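How an authenticator app can produce those codes with no network connection, as an added example that is not part of the original article: Google Authenticator implements the TOTP standard (RFC 6238), in which the phone and the server share a secret and each derives the code from the current time. The secret below is the RFC's published test key, and the `verify` helper with its drift window and replay check is an illustrative assumption, not Google's server code.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays current
DIGITS = 6   # length of the code shown in the app


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Compute the RFC 6238 code (HMAC-SHA1) for a given moment."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step            # number of steps since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, last_used_counter=None):
    """Server-side check (hypothetical helper).

    Accepts codes from +/- `window` steps to tolerate clock drift and
    returns the matching step counter, or None. Passing the counter of
    the last accepted code blocks replay of a code that was already used.
    """
    now = int(unix_time) // STEP
    for counter in range(max(0, now - window), now + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue                            # already consumed
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


# Constructed sample: the RFC 6238 test key, base32-encoded the way an
# authenticator app stores it after scanning the setup QR code.
SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SECRET, code, 89) is not None)
    print("accepted four steps later:", verify(SECRET, code, 179) is not None)
    print("accepted on replay:", verify(SECRET, code, 59, last_used_counter=1) is not None)
```

Nothing is transmitted to the phone at login time, which is why the app keeps working offline and why a stolen password alone does not produce a valid code.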

Now, this isn't complete security. To keep from annoying you to death, Google gives you the option of making your home computer a "trusted" computer, where you input the numerical code only once a month. So if somebody stole your laptop, you'd still be logged in and they'd have access. Likewise, two-step authentication gives you a special password, different from your ordinary Google login, for clients like the Mail app on your iPhone. But if somebody stole your iPhone and got through your passcode: bam, they're in your Google account. This is a public service reminder to log out/change your passwords if your devices disappear.

Follow the Advice You've Been Getting All Along.


If you've ever read anything about online security, you've probably been told the same commonsense advice over and over: Don't use the same password for multiple accounts. Don't put all your files in one basket. (If your default is cloud storage, like Honan's was, keep a hard copy of important stuff. If you keep hard copies on your machine as a default, keep extras on the cloud or on an extra drive.) Here are some more from Computerworld.

You know you're supposed to do this. But it's exactly the kind of boring life infrastructure that slips through the cracks because it's never the most important thing to do in your day. Until you lose everything. Even Honan, a tech journalist for years, admits he didn't keep extra copies, and now has lost photos of his daughter that will never be recovered.

Make Your Life Slightly More Annoying. Really.


Like most online shoppers, Honan had payment methods on file with Amazon. By breaking into his Amazon account, hackers could see the last four digits of his credit card number. By acquiring the last four digits of his credit card number and figuring out Honan's address, the attackers could get a temporary password for his Apple ID. With his Apple ID, they could remote-wipe his Apple devices.

To lower the chances of all this happening to you, make your digital life more annoying. Don't keep a credit card on file with Amazon. (If you have some and want to delete them, go to Amazon, then to the Your Account homepage, then select Manage Payment Options.) Keep separate Apple IDs for your laptop, your iPad, and your iPhone, even though Apple doesn't want you to. Put up with Google two-step verification. Have enough different passwords that you have to think hard about what goes with what.

Beware iCloud.


Another scary part of this, as PM's Rachel Z. Arndt wrote recently, is that Apple is increasingly pushing your Apple ID as the gateway to everything in your Apple universe. Although Apple says it's working to solve the problems that led to Honan's disaster, PC World argues that there are some serious security flaws inherent in the "it just works" seamless connectivity between all your devices and the cloud.

Source: http://www.popularmechanics.com/how-to/blog/what-the-web-learned-from-one-epic-hack-11523542?src=rss
