The Register-Herald, Beckley, West Virginia

Web Extra

August 9, 2012

Slate: 4 steps to avoid getting hacked

(Continued)

In theory, sure. But the way that Apple implements its "Find My" system isn't very secure. If a hacker gets into your iCloud account, he doesn't need any other credentials to find your devices and delete all your data. That's what happened to Honan, and it could happen to you, too.

Until Apple figures out a better way to protect against others wiping your data (perhaps by requiring a second form of authentication for remote wipes), you should turn off Find My Mac.

But what happens if someone gets your computer — how will your prevent unauthorized access to your data if your computer gets into the wrong hands?

It turns out there's a better security system than remote delete: It's called whole-disk encryption, and it's built into the Mac and some versions of Windows. You just have to turn it on. (Here's how to do so in Mac OS Lion, [http://arstechnica.com/apple/2011/07/mac-os-x-10-7/13/] and here's how to do so in the Ultimate or Enterprise versions of Windows 7 [http://windows.microsoft.com/en-us/windows7/products/features/bitlocker].)

Whole-disk encryption works by scrambling all of the bits on your entire hard drive; the only way to gain access to the data is by entering a password. (Here, too, of course, it would be better if two forms of authentication were required.) Turning encryption on slows down your computer by a tiny bit, but it's not that big of a deal. And when your computer is gone, you can be sure that your data is safe — unless the hacker knows your password, your data will remain hidden to him.

4) Password recovery is a menace. Make sure your accounts aren't daisy-chained together.

Lastly, you should examine how your various online accounts are linked through forgotten password request services. In particular, look up your various important email accounts, financial accounts, social networks and other services. Each of these accounts will ask you for an email address where your password requests should be sent.

Text Only
Web Extra