There are two main reasons why people are hacked. Flaws in software and human behavior. While there is not much you can do to code vulnerabilities, you can change your own bad behavior and habits.
Just ask outgoing US President Donald Trump, whose Twitter password was, until recently, ‘maga2020!’. Or Boris Johnson, who revealed details of Zoom-sensitive connections. (These world leaders will also have received specific security training from protection agencies)
The stakes are just as real for the average person – even if the stakes are not that high. If your accounts are not properly protected, your credit card could be compromised or your private messages and photos stolen and shared for all to see. Finding out if your accounts have been hacked is a lengthy and potentially frustrating process. You’d better take some steps to mitigate the risks of getting hacked in the first place. And there is no better time to get your digital hygiene in order than at the beginning of the year – start 2021 with a full, but safe, administrator start.
Use multi-factor authentication
Probably the most effective thing you can do to protect your online accounts is to enable multi-factor, or two-factor, authentication for as many accounts as possible. The method uses secondary information – usually code generated by an application or sent via SMS – along with a password.
This secondary information helps to prove that it is really you who are trying to login, as the codes are usually accessed by the phone in your pocket. Even if you have an easy-to-guess password (we’ll talk about it soon), an attacker is unlikely to gain access to an account with multi-factor authentication enabled, unless you have your phone.
There is a guide for all accounts that support the method here, but first, you must activate it for all accounts that contain personal information that can be abused. Messaging apps like WhatsApp, social media, including Facebook, Instagram and Twitter, and your email accounts.
However, not all forms of multi-factor authentication are the same. Code generation applications are considered more secure than obtaining codes via SMS, and in addition, physical security keys provide an even more robust layer of protection.
Get a password manager
Let’s talk about passwords. It’s 2021, you shouldn’t use ‘password’ or ‘12345’ for any of your passwords – even if it’s a disposable account.
All passwords you use for your online accounts must be strong and unique. What this really means is that they must be long, include a mix of different types of characters and not be used on multiple sites. Your Twitter password must not be the same as that of your online bank; your home Wi-Fi network must not use the same credentials as your Amazon account.
The best way to do this is using a password manager. Password managers create strong passwords for you and store them securely. If the fact that they can prevent you from being hacked is not enough to make you think about using one, a password manager also means that you will never have to struggle to remember a forgotten password again.
From our tests of the best password managers, we recommend trying LastPass or KeePass.
Learn how to detect a phishing attack
Clicking quickly can be your worst enemy. When a new email or text message arrives and includes something that can be tapped or clicked on, our instincts usually prompt us to do so immediately. Do not.
Hackers used the pandemic as cover to launch wave after wave of phishing attacks and stupid Google Drive scams.
Anyone can fall for these types of scams. The main thing to do is think before you click. Fraudulent messages try to induce people to behave in a way that they would not normally do – pretend instant demands from a boss, messages that say an urgent response is needed.
There is no foolproof way to identify each type of phishing scam or scam – scammers are constantly improving their game – but being aware of the threat can help reduce its effectiveness. Be careful, think before clicking and only download files from people and sources you know and trust.
Update all
Every piece of technology you use – from the Facebook app on your phone to the operating system that controls your smart lamp – is open to attack. Fortunately, companies are always finding new bugs and fixing them. That is why it is crucial that you download and update the latest versions of the applications and software you are using.
Start with your phone. Navigate to your device’s settings and find out which operating system you’re using and update if you don’t have the latest version (iOS 14 is the latest for iPhones; Android 11 is the latest from Google). For apps and games, Apple’s iOS 13 and higher downloads updates automatically, although these settings can be customized. On Android, automatic updates can also be enabled by visiting the settings page on the Google Play Store.
After updating your phone, you need to find out which devices to update next. This should generally be done in order of potential impact. All laptops and computers you own should be at the top of the list and then move backwards through other connected devices in your life. Remember, everything is vulnerable, including your chastity belt connected to the Internet.
The past may come back to haunt you. The old online accounts you no longer use and the login details that belong to them can be used as a weapon against you if you do nothing about it. Hackers often use details of past data breaches to access accounts that people currently use.
Reducing the amount of information available about your online life can help reduce your risk of being hacked. A very simple step is to regularly delete your Google search history, but you can also use Google’s alternatives that prioritize privacy.
In addition, there is much more you can do to reduce your digital footprint. Find the old accounts you no longer use and delete them. This will reduce the amount of spam you receive and the number of ways that hackers can attack you. Use Have I been Pwned? to find your information on old data breaches, use a VPN to increase browsing privacy and download Tor if you really want to increase your online anonymity.
Matt Burgess is the assistant digital editor for WIRED. He tweets of @ mattburgess1
More great stories from WIRED
π Within France’s plan to combat vaccine hesitation
πΈπ¬ How Singapore beat Covid-19 with technology and contact tracking
π± Want to take better pictures? These are the best phone cameras in 2020
π Listen to the WIRED Podcast, the week in science, technology and culture, delivered every Friday
π Follow WIRED on Twitter, Instagram, Facebook and LinkedIn