Over the last couple of weeks a few Belgian politicians had their Twitter accounts hacked. This surprised me, because people with a public image should make sure their social media accounts are protected. However, it's not only our Belgian politicians who had this problem. A couple of months ago Mark Zuckerberg got his Twitter and Pinterest accounts hacked. You can read about it here.
Now, before I start: this will not be an "I told you so" post, because that won't help anyone. The purpose of this post is to tell you, and educate you about, what you can do to protect your online identity. There are a couple of easy things you can do to better protect yourself online. This post is mostly aimed at non-technical people.
Two Step Authentication
When using an online service you should check if it supports two step authentication. Wait a moment, what is two step authentication? Two step authentication is a security mechanism that helps you protect your account by requiring you to perform an additional action when you log in to a website.
The most common scenario is that after you log in to a website you will be asked to enter a code. This code is sent to your mobile phone, which means your account is more secure. If someone wants to get into your account they will need to steal your phone. This is much harder to do because the attacker has a greater chance of getting caught. Today most of the popular social media sites (Facebook, Twitter, LinkedIn, etc.) have two step authentication and you are advised to turn it on.
I don't know exactly how the Twitter accounts were hacked, but using two step authentication could have prevented the hack in the first place.
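For readers who want to see what the website does behind the scenes, here is a small sketch of the second step. It is an added example, not code from any of the sites mentioned; the class name, the five minute lifetime and the three attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: a code stays valid for 5 minutes
MAX_ATTEMPTS = 3        # assumption: wrong guesses allowed per code


class SecondStep:
    """Hypothetical server-side store of pending login codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> [code, expires_at, attempts_left]

    def issue_code(self, username):
        """Run after the password was correct; returns the code to text."""
        code = f"{secrets.randbelow(10**6):06d}"  # 6 digits, secure random
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[username] = [code, expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, username, submitted):
        """True only for the right code, in time, and never used before."""
        entry = self._pending.get(username)
        if entry is None:
            return False  # no login in progress for this user
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at:
            del self._pending[username]  # too late, start over
            return False
        # compare_digest avoids leaking how many digits matched via timing
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[username]  # a code works exactly once
            return True
        if attempts_left <= 1:
            del self._pending[username]  # guessing budget used up
        else:
            entry[2] = attempts_left - 1
        return False
```

Someone who only knows the password never sees the code, and the expiry and attempt limit keep them from simply guessing all one million possibilities.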
Password Manager: 1Password
A common problem is that people use the same password for multiple accounts. This is not something I have made up. Several studies have proven this statement. In general, people use the same password because it's easy to remember. For instance, if you use 10 websites and you choose a different password for each website, you need to remember 10 passwords, which is hard. A solution to that problem can be to write down the passwords, but what happens when you lose that list? At the end of the day you just want to use the website.
The ultimate password security is that you don't remember your passwords.
So how can we fix this problem? Well, you can use a password manager. A password manager is a program that stores all your passwords in a vault and generates strong passwords for you if you need one. The best part is that you only need to remember one password, the one that opens your vault. The ultimate password security is the one where you don't need to remember your passwords.
I use 1Password as my password manager. So, how does it work? All my passwords are stored in what is called a vault. This vault can be found as a file on your hard drive. Now, when you want to log in to a website, you have to right-click on the first text box as you can see in the screenshot below:
When you click on the 1Password link you will open your vault. If the vault is closed you will get the following:
Here you need to give the only password you need to know. When you create a new account with 1Password they will generate your password. You don't need to choose your master password, which is a good thing. Don't be afraid of forgetting your master password, because 1Password gives you an emergency kit.
You can print this out, write your password on the emergency kit and use it until you remember your password. Afterwards you can put the emergency kit page in a safe place.
Once your master password is entered you can select the right login credentials to log in.
So, I have this software running on my machine, but what about my other devices like a smartphone or tablet? Well, 1Password lets you sync your vault across devices. In the past you could sync your vault file by using Dropbox.
Wait, isn't it dangerous to place all your passwords in one place? Yes and no. Yes, when 1Password gets hacked you will have a problem. However, for 1Password (and LastPass and other password managers) this is their core business. When vulnerabilities are found you can be sure that they will be fixed within hours. The benefits outweigh the risk of getting hacked through a website because you used a weak password.
The last thing I want to talk about is haveibeenpwned. This is a free service, created by Troy Hunt, where you can check if one of your online accounts has been breached.
The website is pretty straightforward. Just type in your email address and they will tell you which accounts have been breached. I did the test with an old email address of mine and got the result that a Tumblr account was breached.
I highly recommend it so you can change your passwords in case you have been breached.
In 2016 the number of data breaches is higher than ever. Securing your online identity is important. Nobody likes to be hacked and most people only realize this when they become a victim. It's important to educate people about the tools they have at their disposal, and that is also the reason I wrote this blog post.
We have seen that you can use two step authentication on many websites and frankly you, as the user, should do it. I know that some people may have privacy concerns with the fact that they need to share their mobile number with Facebook, but if you have privacy concerns you shouldn't really be on Facebook. Now, in the worst-case scenario you can buy a cheap cellphone with another phone number just for this purpose.
I hope you will find this post useful.