The Register-Herald, Beckley, West Virginia

Web Extra

August 9, 2012

Slate: 4 steps to avoid getting hacked

(Continued)

If they're all pointing to one another, a single hack could let an attacker get into everything else. For instance, if Gmail is set to send password resets to your Apple account, and your bank is sending requests to Gmail, then all the hacker needs to do to wreak havoc on your finances is steal your iTunes password (which is probably not very strong, because you hate typing out a tough password on a touchscreen to download apps). With your iTunes password, he can get into Gmail through a password request, and once inside Gmail, another password request will let him into your bank. This is exactly what happened to Honan.

What should you do about this? I would create a single, secret, ultra-secure email address that you designate as the one place to send all password resets. What do I mean by ultra-secure? I mean a new Gmail account — something like betyoucantguessthis@gmail.com — with a very strong password and two-factor authentication turned on. Now go to all your other accounts and have them send password requests to this secret address. It's important that you don't use this address for anything else — don't send mail from it, don't use it to sign up for newsletters, don't let anyone know that it has anything to do with you. As long as it remains secret, any password resets that are sent its way should be safe.

Nothing online is perfectly secure — determined hackers can get into anything if they really put their minds to it. But the guy who attacked Honan wasn't some mastermind. He was a kid who just wanted to wreak havoc, and he happened to know about a few key vulnerabilities at Apple, Amazon and in the systems that govern our online lives. But a few simple steps would have made his attack much more difficult. The stuff I'm suggesting isn't hard to do. You should do it now.

---

Manjoo is Slate's technology columnist.

1 2 3 4 5 6
7
Text Only
Web Extra