How bad security can lead you to lose over $11,000 of your own money AND lock yourself out of your social media accounts.
Well, this just happened to Chris Hau and you can see more about that here 👇🏼
Could you get hacked?
Regular people like you and me can and do get hacked every single day. You can get locked out of your accounts AND suffer a huge financial impact because of it, so today, I want to share with you some tips to stop this from happening to you, and how Chris could have avoided it himself.
The most basic thing that you need. If you use the same password for everything, then stop right now and follow these steps:
- Sign up for a Password Manager (My current favourite is 1Password - Get 50% off a Personal or Family Plan)
- Visit Have I Been Pwned and enter your main email addresses to check if you have already had your passwords leaked online.
- If you have, then change your passwords on those websites first, and then any other websites where the same passwords were used. Make sure you use a unique password on every website and store it in your password manager.
2 Factor Authentication
Although Chris Hau explains that he was hacked DESPITE having 2FA enabled, this is still a really important step to take in protecting your accounts.
If people really want to, there is a way to bypass 2FA codes that are sent by text message. That's not great - particularly if you have online accounts with either money, or linked to a debit or credit card.
Don't use text messages as your authenticator. Instead, use one of the code generator apps, like Authy or Google Authenticator. 1Password does have a 2FA code generator built-in, but from a security perspective, I'm not a fan of storing the password AND the 2FA code in the same place.
But, if you really want to be sure - then you'll want to move on to the next step.
Yubikey or Google Titan Key
Using one of these is pretty much the surest and best way to protect your accounts.
Grab yourself a Yubikey, which works very much like a physical key to the front door of your house.
If someone doesn't have the physical key, then they can't log in to your account. It's that simple.
I have one for all of my important accounts because I just don't trust people anymore!
They come in different shapes and sizes, and you'll need to pick ones that connect to the devices you own. If you are an Apple user, then you'll need a Lightning connector. If it's an Android phone, then USB-C. And if it's a desktop or a laptop, then either USB-C or the standard USB size.
My advice here is to grab at least 2 of these keys and set them up with every website that you want to protect. Why 2 keys? Because if you lose one or one gets stolen, then you still have a key to get in, and you can simply remove the lost or stolen key from your accounts.
Once you've added a key, make sure you go back into your accounts and turn off the other forms of 2FA. Because if you leave something like SMS there, that's still going to be a problem.
Log out of all known devices
Once you've followed the above steps, then it is well worth taking this extra step, just in case someone is already logged into your account without your knowledge.
Most applications have the ability to forcibly log you out everywhere, and after that (having followed the above steps) you will be prompted to sign back in again.
If anyone else was signed in, then they'll be logged out immediately, and won't be able to log back in again unless they physically have your Yubikey.
To do this with Facebook, you go to Settings & Privacy -> Settings -> Security & Login. Under 'Where you're logged in' click see more. Scroll down, and then Log out of all sessions.
This is how you can protect your online accounts, and this is what I've done for my accounts recently and I've (thus far) not had a single issue with someone getting into my account who shouldn't have.
Also whilst you're reading this - take 2 minutes of your life to check with your parents, or your kids, or your friends, that they're at LEAST using a password manager. If they're not, show them how to use one.
Thanks for reading!