IT security is a hellishly boring subject. It’s riddled with nonsensical militaristic metaphor, which ends up with most people confused, scared, and none the wiser. IT security people are, as I’ve argued before, possibly (and undoubtedly unwittingly) the biggest part of the security problem out there.
Recent hacks – the Adobe one in particular – have left our vital systems (particularly the social networks and email systems we increasingly rely upon) more vulnerable than ever. We could all be doing a bit more to protect ourselves, though – two things, specifically:
1. Don’t use the same password across all of your logins. If you’ve got the same password for more than one system, then if one of them gets hacked in a mass attack like the Adobe hack, all of your systems using that password become vulnerable.
Come up with some sort of scheme for how you can make passwords unique yet memorable to you. I’d prefer twenty relatively weak but unique passwords to one very complex yet reused one.
2. Turn on two-factor authentication on every service you use where it’s available. It’s not impregnable, but two-factor authentication (which means that you get some sort of PIN from your mobile phone when you go to log in on a new device) greatly reduces your account’s vulnerability to being compromised.
What this means in practice is that you, every so often, will need to use a little app on your phone, or wait to receive a text message, before you log into your account on a new laptop, tablet or phone. It’s a bit of a pain in the bum first time you set it up, but it’s not so bad once it’s up and running.
Here are the basics of how to do it for the various popular services:
I think that there is a popular misconception amongst many people that they’re not important so therefore they won’t get hacked. It’s generally not the targets of the News of the World who get hacked, though. It’s general Jo and Joe Public, but the ones who use the same passwords across many services and think that they’re not important enough to get hacked. Hackers are often using automated tools, are are looking for easy prey. We’ve all got a duty to manage the basics to try and keep at least some of the nonsense at bay.