Lessons to learn from Mat Honan’s epic hacking
If you haven’t read about this hack already, take 20 minutes out of your day and read through the article attached below. While the importance of complex passwords, separating your accounts and more can’t be overstated, there are some simple things you should do right away, for example:
- Enable two-factor authentication in Gmail so that signing in requires two items, your password and a one-time code, which makes it much tougher to get in with a stolen password alone.
- Facebook has several security settings that you should make use of. Spend a few minutes clearing out sessions and devices you don’t recognise, and enable notifications for logins from an unknown computer or device.
- Don’t ‘daisy chain’ your critical accounts, i.e. don’t make two accounts you actively use the recovery/backup account for each other: whoever gets into one of them can then reset the other.
- This one is for everyone who has asked me for this advice over the last 5 years: no, don’t click on a link or open an attachment in something you do not know or understand. If it was really important, the sender will find another way to make sure you see it.
The article is worth a read to understand how simple it sometimes is to get access to your life. Don’t get me wrong, I’m a big advocate of the web in terms of function, use and all that pretty stuff. But everything has its cons, so let’s not be careless about it.
To the experts, I say we really need to look at some standardization of how services verify identity. This line concerns me deeply:
‘The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification’
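The two problems above, accounts daisy-chained through each other’s recovery settings and one service accepting as proof of identity what another displays in the clear, are the same thing from an attacker’s point of view: an edge from one account to another. The script below is an added example (my own, not from the article) that models such edges for a constructed set of accounts with made-up names (shop, cloud, mail, social, recovery_only), computes how many accounts fall once any single one is compromised, and flags mutual recovery pairs. It is not a reconstruction of the actual Honan chain; the edges are illustrative.

```python
from collections import deque

# Constructed example (not from the article): which account can be used to
# take over which other account. An edge A -> B means controlling A is enough
# to reset or unlock B, either because B's recovery address is A or because
# B's support desk accepts, as proof of identity, data that A shows in the clear
# (the "last four digits" problem quoted above).
RESET_GRAPH = {
    "shop":   ["cloud"],            # shop displays card digits that cloud's support accepts as ID
    "cloud":  ["mail"],             # mail's recovery address is the cloud account
    "mail":   ["social", "cloud"],  # social resets via mail; cloud's recovery address is mail
    "social": [],
}

# The same setup after un-chaining: mail and cloud both recover to a dedicated,
# otherwise unused address ("recovery_only") instead of to each other.
RESET_GRAPH_FIXED = {
    "shop":          ["cloud"],
    "cloud":         [],
    "mail":          ["social"],
    "social":        [],
    "recovery_only": ["mail", "cloud"],
}


def takeover_set(graph, start):
    """Every account an attacker ends up controlling after compromising `start`
    (transitive closure over reset edges, excluding `start` itself)."""
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in graph.get(cur, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def daisy_chains(graph):
    """Pairs of accounts that can each reset the other: the mutual-recovery
    setup warned against above. Returned as a set of sorted tuples."""
    pairs = set()
    for a, outs in graph.items():
        for b in outs:
            if a in graph.get(b, []):
                pairs.add(tuple(sorted((a, b))))
    return pairs


def blast_radius(graph):
    """Accounts ranked by how many others fall with them; the top entries are
    where 2FA and a strong, unique password matter most."""
    sizes = {acct: len(takeover_set(graph, acct)) for acct in graph}
    return sorted(sizes.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for name, g in (("as configured", RESET_GRAPH), ("after un-chaining", RESET_GRAPH_FIXED)):
        print(f"--- {name} ---")
        print("mutual recovery pairs:", daisy_chains(g) or "none")
        for acct, n in blast_radius(g):
            print(f"compromise {acct:14s} -> {n} more account(s): {sorted(takeover_set(g, acct))}")
```

In the first configuration a foothold in the shop account, the one requiring the least to get into, takes everything else with it, and cloud and mail form a mutual recovery pair. After un-chaining, the shop foothold stops at cloud and no pair remains, but the dedicated recovery_only address now has the largest blast radius of all: the caveat is that a recovery-only account is only an improvement if it is itself locked down (two-factor, never used for day-to-day mail, never listed anywhere as a contact address).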
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
[…]
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.