Over the years, we’ve all begun to accrue a rapidly growing collection of digital assets. These range from photos of your kids, to business websites, to simply the thousands of emails archived in your Gmail account. As we pile more and more information into our online accounts, those accounts become more and more valuable to hackers. The recent case of Mat Honan’s incredible hacking has opened the eyes of many people, and we’ll share some tips below on how to protect your accounts.
The first step, of course, is a secure password. You can use a service like LastPass, which is great, but one way or another you simply need to make sure your passwords and long and obnoxious. Making them long doesn’t necessarily mean they need to be hard to remember — just hard for others to guess. The comic XKCD has some good examples of this.
Protecting your website is a little bit trickier. It certainly starts with your password (both for billing and your “control panel”), but it goes well beyond that. We power all of our websites with WordPress, which can be vulnerable if you don’t update with the latest version every few months. Updating WordPress isn’t particularly difficult, but incredibly important. We manage a large collection of WordPress-powered sites, and make sure that every one of them is current with the latest version of WordPress at all times. If you’re out of date we’d be happy to show you how to update it yourself, or we can take care of it for you for very little cost.
Files and Accounts
We’ve already talked about passwords, but many services are taking things a step further to protect you even more with a system known as dual-factor authentication. Simply put, it means that instead of just entering a password you need to do two things to get access to your account:
- Know something, such as your password.
- Have something, such as your mobile phone.
If someone gets your password, it’s worthless without your phone. If someone steals your phone, it’s worthless without your password. Combined, they make for a very formidable defense.
Google and Facebook first unveiled their dual-factor systems more than a year ago, and Dropbox has since done it as well. I hope to see others (Twitter and Evernote come to mind) add it as well. Here’s a bit about how Google’s system works:
To get started, here are the pages that have more information for those three products:
- Google: http://support.google.com/accounts/bin/answer.py?hl=en&topic=1056283&answer=185839
- Facebook: https://www.facebook.com/note.php?note_id=10150172618258920
- Dropbox: https://www.dropbox.com/try_twofactor
Dual-factor authentication is kind of a pain, and it makes for a bit more work when you sign in, but it’s a small fraction of the pain you’d experience if you lost access to one of those services. We strongly recommend you enable it on all of them as soon as possible.
Stay safe out there!