A couple of years ago, Julia got an email from a friend asking why she had emailed out a link to apparent spam. By the time a few more email replies from friends trickled in, Julia had figured out she was the victim of an email hack. After the initial wave of panic, she quickly changed her password on the account which, thankfully, she still had access to.
As it turns out, the hacker’s IP address came from Beijing, China. They had only used Julia’s account to send spam and did not appear to access any of her emails. Had they read her email, they would have had access to years’ worth of personal information, including credit card numbers, photos of our kids, private conversations–you name it. It was scary stuff and a reality check for us.
Since that hack on Julia’s account, I’ve seen posts on Facebook from friends who have had similar experiences. Many of them marvel at why they were selected for an attack and how on earth the criminals guessed their password.
If this has happened to you, don’t beat yourself up, but you should know it is often the result of people being lax with their online security. You know not to leave your house key under the door mat because it’s the first place a criminal will look. Online security is the same way. It’s likely that criminals know the game better than you, and if you make it easy for them to exploit you, they will.
With that said, let me share three simple points to help you shore up your online security, lest you be the victim of a hack that exposes some of your most personal data to hackers with nefarious intent.
What Should You Do If You Are Hacked?
If you realize you’ve been hacked, step one is to log in to your account immediately and change your password. This will lock out anyone who had access using the hacked password.
Once you do that, it’s a debatable question of etiquette as to whether you email everyone again to let them know and/or apologize for the hack. My thought is to not bother with the second email. It should be obvious to most people that you were hacked and did not intend to send a link to such an incredible weight loss product/cheap v1agra/R0lex watch. People should know to avoid clicking on spammy links by now.
How Did The Hack Happen?
I don’t know what the actual percentage is, but according to my own sarcastic opinion, 99.99% of the time these accounts get hacked, it is due to one simple reason.
You are using the same username and password combination elsewhere on the web–quite possibly everywhere on the web.
This is how hackers were able to access Julia’s email account.
Look, I know you feel like you’ll never remember which whacky password went to which website, but you just have to stop using the same one for everything. It’s the digital version of the key under the door mat. Criminals are out there hoping you will do this. In fact, they depend on it.
Here’s how these hacks happen. Much like houses, some websites are more secure than others. Email providers like Gmail, for example, are locked up like Fort Knox. Other sites like that photo printing website where you made your Christmas cards or that free music service you listen to are less secure. Hackers can exploit weaknesses on these smaller sites to get them to cough up username and password combinations. And it’s not really all that hard for them to do, either.
Once they have those stolen username and password combos, they can try them on a myriad of larger, more secure sites like Gmail, Yahoo, Facebook, Amazon, etc. If you’ve used the same username/password combo all over the Internet, you’ve made it highly likely that these hackers will be successful accessing your secure accounts with the same username/password combos stolen from less secure sites.
How Can You Keep Your Accounts Secure?
If you use these four tips when creating a password, you will go a long way to keeping yourself safe online.
Have a unique password for every online account.
This single step will prevent the vast majority of hacks, but this alone is not enough. Your password also has to be robust, even complicated. I know it’s hard to remember random passwords, and that leads us to the next tip.
Use a phrase you can remember.
Think of a phrase like “the hills are alive with the sound of music,” abbreviate it, then use that as a starting point for your new password. Now you have “thaawtsom.” Make the phrase you use relevant to the website you are on so that it’s easier to remember. So this phrase about music might be the password phrase for Pandora or iTunes, for example.
Make passwords complicated.
Passwords should never be shorter than 8 characters, and longer passwords are even better. The more complicated they are, the more difficult they’ll be to crack.
Now, let’s take the phrase we used earlier and mix in a few upper and lowercase letters, like this: tHaawtSoM. Now substitute a few letters with numbers: tH44wtS0M. Then add in at least one special character, like this: ¡tH44wtS0M! and now you have a password that is less random but very secure.
If all else fails, iCloud keychain is a new feature for Mac users in Mavericks and iOS7 that will suggest very complicated, random passwords for sites you visit. You only have to remember your iCloud password and Safari will remember the rest. It’s pretty handy and works well for me. LastPass and 1Password are similar paid alternatives that have been around even longer.
Never use obvious passwords.
If you are using passwords like “password” or “123456” you are asking for trouble. You may be interested to see if your password is on the list of the 25 worst.
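If you keep your logins in a password manager, you can check them against the four tips above in one pass. The script below is an added example, not part of the original post: the site names, the sample passwords and the short list of obvious passwords are all constructed for illustration, and a real check would load a full published list of common passwords.

```python
from collections import defaultdict

# Constructed stand-in for a published "worst passwords" list (assumption).
OBVIOUS = {"password", "123456", "12345678", "qwerty", "abc123"}
MIN_LENGTH = 8  # the minimum length given in the tips above

# Constructed sample export: site -> password. The music entry reuses
# the post's own worked example purely for illustration.
SAMPLE_ACCOUNTS = {
    "mail.example": "sunshine1",
    "cards.example": "sunshine1",
    "music.example": "¡tH44wtS0M!",
    "forum.example": "123456",
}

def missing_classes(pw):
    """Return the character types (lower/upper/digit/special) absent from pw."""
    checks = {
        "lowercase": str.islower,
        "uppercase": str.isupper,
        "digit": str.isdigit,
        "special": lambda c: not c.isalnum(),
    }
    return [name for name, test in checks.items() if not any(test(c) for c in pw)]

def audit(accounts):
    """Map each site to the tips its password breaks; clean sites are omitted."""
    sites_by_password = defaultdict(list)
    for site, pw in accounts.items():
        sites_by_password[pw].append(site)

    findings = {}
    for site, pw in accounts.items():
        issues = []
        shared = sorted(s for s in sites_by_password[pw] if s != site)
        if shared:  # tip 1: unique password for every account
            issues.append("reused on: " + ", ".join(shared))
        if pw.lower() in OBVIOUS:  # tip 4: never use obvious passwords
            issues.append("obvious password")
        if len(pw) < MIN_LENGTH:  # tip 3: at least 8 characters
            issues.append("shorter than 8 characters")
        missing = missing_classes(pw)
        if missing:  # tip 3: mix letter case, numbers and special characters
            issues.append("missing: " + ", ".join(missing))
        if issues:
            findings[site] = issues
    return findings

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_ACCOUNTS).items():
        print(site, "->", "; ".join(issues))
```

Reuse is listed first because it is the one that lets a break-in at a small site open your email; fix those entries before anything else.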
Don’t Gamble with Your Digital Security
You know not to leave the house without locking your doors, but many people take their security far less seriously. Ironically, a hack can do much more damage than a house break-in. So do what you can to stay safe out there. Change your passwords today if you know they are not secure! The web is only going to be as safe as you make it.