I'm on vacation and after reading all about how Mathew Honan got hacked (thanks Apple for giving the hacker access! Read about that here: http://www.macrumors.com/2012/08/05/apple-support-allowed-hacker-access-to-reporters-icloud-account/ ) I'm working on making my security better. I've done what +DeWitt Clinton recommends (turning on two-step verification) but I also changed all my passwords. Here's what I do. 

1. I use a passphrase. I come up with something like this: "Bill Gates Loves XXXX in 2012 XXXXX." So that turns into a password like this: $BGlAi2012A (I add a symbol like dollar sign just to make the password harder to figure out) That kind of password just can't be guessed and it is different for every service, so if one gets hacked the hackers can't get into the others. I use a passphrase because that way I never have to write down my passwords and I don't need to rely on a third-party service to keep my passwords. If you have a better methodology I'd love to hear it.

2. I change my passwords every three months. Mostly because Rackspace forces me to, but also this makes sure that I'm OK, even if some service gets hacked and my passwords get shared. 

3. I try to minimize the amount of cross-service dependencies. I regularly go to Facebook's dependency list and remove apps I no longer use https://www.facebook.com/settings/?tab=applications I do the same on Twitter and Google.

4. I only use security questions that you can't find the answers to online. That minimizes the amount of social hacking that should be possible, like what Mathew's hacker used to get through Apple's security on the phone.

How do you protect your systems from getting hacked?
Google 2-Step Verification

If you do only one thing today, please enable 2-step verification on your Google account. We have a Getting Started guide here:


And step by step instructions for setting up SMS here: 


Then download the app for your Android, iOS, or other smartphone here:


How it works

2-step verification works by requiring both your password, which only you know, and a one-time secret number generated by your phone, which only you have, the first time you access your Google account from a new machine or device.

So while you might have your password stolen someday, or you might lose your phone, it's very unlikely both would ever happen at the same time. Unless you wrote down your password on the back of your phone.  But you wouldn't do that, now would you?  : )

It's easy!

A few minutes today means you won't ever have to worry about someone getting into your email or your other personal data again. I've enabled 2-step verification on all of my Google accounts and I sleep much better at night for having done it.

Today's the perfect day to enable 2-step verification, too.  My heart goes out to Mathew Honan after he lost his password to hackers last night [1,2].  Now, like thousands of others who hear his story, he will no doubt be setting up 2-step verification on all of his accounts right away.

It's for you!

Keeping personal accounts safe is something that everyone wants, not just famous journalists or computer geeks.  While it doesn't happen every day, sometimes anyone, even you or me, can make a mistake and accidentally let a password fall into the wrong hands.  So why not take just a moment today and make sure that even if it does happen to you, your data will still be safe and secure forever.

Let us know in the comments once you've set everything up!

[1] http://www.emptyage.com/post/28679875595/yes-i-was-hacked-hard
[2] http://gizmodo.com/5931828
Shared publiclyView activity