You aren’t an Academy Award-winning actress or a curvy Sports Illustrated swimsuit model. You don’t have a million Twitter followers or paparazzi following your every move. And there probably aren’t hordes of adolescent boys fantasizing about your romantic liaisons.
But that doesn’t mean you’re not at risk. If there’s one thing we’ve learned in the wake of The Fappening scandal, it’s that our digital lives are ripe for the plucking. Even if you choose a device bundled with the latest and greatest security measures, it’s all too easy for a motivated hacker to steal all of your sensitive data without ever laying a finger on your phone.
Compared to the hacks of financial institutions and government websites, however, this one was decidedly low-tech. In fact, it was barely a hack at all. As best we can tell, the perpetrators were able to guess a few dozen celebrities’ iCloud logins and passwords using an email phishing scam or password reset deception. Then, those logins were likely authenticated by running them through a readily available “forensic access” program that allowed the perpetrators to usurp anything that resided in their backups.
A few simple security steps may have saved Jennifer Lawrence and Kate Upton from embarrassment. Apple has admitted that it could have done more to protect these victims—at the very least, alerting them early enough in the process to lock their data before it was stolen—and has promised to beef up its own security. But as long as we store our personal information in online vaults, someone will always be trying to pick the lock. We don’t have to make it so easy for them. No matter what Apple or Google does to safeguard our data, we need to take our own steps to make sure hackers have as hard a time as possible gaining access to it.
Change the locks
We’ve heard it all before, but no one really listens. Even if you’ve evolved beyond Password1 or 123Abc, using the same code for every login can be dangerous. You know the rules: always use a combination of upper- and lower-case letters, numbers and symbols, and try not to build it around an obvious word, like your child’s name or your favorite band. And even if you’ve been diligent about using strong, varied passwords, it’s good to get into the habit of changing them every few months.
When it comes to security questions, things like your mother’s maiden name and your high school mascot can be easy to guess, so make your answers as random as possible (but still something you’ll remember). And like your passwords, it’s not a bad idea to rotate these out every few months.
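The password rules in this section, as an added example that is not part of the original article: a short Python script that checks a list of logins for reuse, missing character types and personal words, then generates a random replacement. The sample logins, the 12-character minimum and the symbol set are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; adjust to what a site accepts
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)

def has_all_classes(pw):
    """True if pw has a lower-case letter, an upper-case letter, a digit and a symbol."""
    return all(any(c in cls for c in pw) for cls in CLASSES)

def audit(logins, personal_words, min_length=12):
    """Return {site: [problems]} for passwords that break the rules above.

    min_length=12 is an assumed threshold, not a figure from the article.
    """
    sites_by_password = defaultdict(list)
    for site, pw in logins.items():
        sites_by_password[pw].append(site)
    findings = {}
    for site, pw in logins.items():
        problems = []
        if len(sites_by_password[pw]) > 1:
            problems.append("reused")
        if len(pw) < min_length:
            problems.append("short")
        if not has_all_classes(pw):
            problems.append("missing character class")
        if any(word.lower() in pw.lower() for word in personal_words):
            problems.append("contains personal word")
        if problems:
            findings[site] = problems
    return findings

def generate(length=20):
    """Random password drawn from the OS CSPRNG, retried until every class appears."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(pw):
            return pw

# Constructed sample data: none of these are real credentials.
LOGINS = {"mail": "Password1", "photos": "Password1",
          "bank": "Emma2009!soccer", "forum": "t7#Qv!m2Lx9$eRw4"}
PERSONAL = ["emma", "coldplay"]  # e.g. a child's name, a favorite band

if __name__ == "__main__":
    for site, problems in audit(LOGINS, PERSONAL).items():
        print(f"{site}: {', '.join(problems)} -> replace with {generate()}")
```
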
The power of two
You’ve probably read about something called two-step verification, but you might not know what it is. In its simplest terms, it’s an extra level of protection beyond your password and security questions; if you’re using an iPhone, for example, Apple’s TSV requires you to verify the identity of each of your devices before you can make purchases or manage your Apple ID account. The extra step involves registering any new device with a 4-digit verification code before you can use your Apple ID. Setting it up isn’t a particularly difficult process, but you will have to change your password to adhere to a set of stricter parameters and wait three days (just in case someone else is attempting to access your account without your knowledge). At the end of the setup, you’ll get a 14-character Recovery Key that you can use to lock down a specific device in case someone compromises it. A word of advice: Don’t lose it.
Thanks to cloud-based backups, we no longer have to remember to sync our phones with a computer when we buy a new device. It’s quick, seamless and can be a lifesaver when we lose or break our phones, but there’s an inherent danger: Our photos and documents are out of our hands. Now, some 99 percent of this data is harmless, but even so, you wouldn’t want some stranger rummaging through all of it. Thankfully, cloud backups aren’t an all-or-nothing situation. Like the backups on our PCs, you can choose to exclude certain apps from the automatic phone backups; that way, anything that might contain something too personal (like your camera roll) stays out of the cloud. Whatever you don’t want in the cloud can easily be backed up to your computer, where it’ll be safe and secure until you need it.
Hire a manager
There’s a reason why we all use simple, universal passwords: They’re easy to remember. Or at least they’re easier to remember than a nearly uncrackable string of case-sensitive letters, numbers and punctuation marks. With a good password manager, however, you won’t have to remember any of them. Like a safe-deposit box, apps like 1Password, Dashlane and oneSafe will encrypt and securely store your passwords (and anything else that needs safekeeping), only giving you access after you enter a master password. You can store everything from passwords to credit cards with complete peace of mind. Our suggestions: 1Password (agilebits.com/onepassword), Dashlane (dashlane.com) and oneSafe (onesafe-apps.com).
Now be careful out there.