by Chas Danner
Last weekend, tech journalist Mat Honan faced the digital equivelent of a random act of violence when hackers, attracted to his three-letter Twitter username, picked him for an attack:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz. Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Honan's terrifying story has been the talk of the tech world this week, especially because the methodology of the attack, which Honan subsequently learned from one of the hackers, exposed massive problems with security protocols at both Amazon and Apple. While both companies have now closed those holes, there is still much that can be done to prevent being hacked, the very least of which is using separate, complex passwords for different services:
[E]veryone should still have a good password system set up. We've shown you how easy it is to hack a weak password, and if you use the same one everywhere—or even easy-to-crack variations—you're screwed. Remembering 100 different passwords can seem tough, but it's okay if you don't know them off the top of your head—in fact, it's more secure. Use a tool like LastPass (or one of these alternatives) to keep your passwords easily accessible from any of your machines, no matter how long or complex they are (but remember, multi-word phrases are actually the best password you can have).
And make sure your digital life is sufficiently backed up. Another measure is using two-factor authentication, when available, which requires both a password and a phone to access an account. Wired's guide to avoiding Honan's fate is here. Gizmodo's guide is here.
