Recently, a number of iPhone users in Australia were dismayed to find their iOS device locked with a message that they had been hacked by Oleg Pliss, who demanded a ransom of 100 euros for the unlock code. While initial finger-pointing was directed at Apple for some sort of hacked iCloud server issue, it turns out the hack can be directly attributed to password reuse with multiple online accounts.
When you hear about a company being hacked and user data being compromised, it’s often a case of someone stealing not credit cards but user credentials, which can be valuable themselves. Along with all the crazy rules for creating a complex password, one thing that is stressed is that it be unique.
I, like many, am not following that important rule of creating a unique password. Most people have a habit of using a password or some slight modification of that password to access most of their online identities. It doesn’t take much for a hacker to throw a long list of usernames and passwords at a website to see what gains access.
This being the case, it’s incredibly important to use different passwords for every account you use online. Use a password management utility such as LastPass or 1Password for generating and saving all your complex passwords.
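
To check your own accounts against the habit described above, here is an added example (not from the original article) that audits a password list for exact reuse and for slight modifications of one base password. The account names and passwords are constructed sample data, and the rule for what counts as a "slight modification" (same password after lowercasing, dropping trailing digits and symbols, and undoing common character swaps) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample data: account name -> password (not real credentials).
SAMPLE_VAULT = {
    "email": "Sunshine2014!",
    "forum": "Sunshine2014!",
    "bank": "sunshine99",
    "social": "5unshine!",
    "shop": "tR7#qLw9!vZp2k",
}

# Assumed character swaps people use to "vary" a password.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def stem(password):
    """Reduce a password to the base a person would call 'the same one'."""
    base = re.sub(r"[^a-z]+$", "", password.lower())  # drop trailing digits/symbols
    # An all-digit/symbol password has no letter base; keep it as its own stem.
    return base.translate(SWAPS) or password


def audit(vault):
    """Return (exact, variants): account groups sharing a password or a stem."""
    by_password, by_stem = defaultdict(list), defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
        by_stem[stem(password)].append(account)
    exact = sorted(sorted(g) for g in by_password.values() if len(g) > 1)
    variants = sorted(sorted(g) for g in by_stem.values() if len(g) > 1)
    return exact, variants


if __name__ == "__main__":
    exact, variants = audit(SAMPLE_VAULT)
    # Report account names only; the passwords themselves are never printed.
    for group in exact:
        print("identical password on:", ", ".join(group))
    for group in variants:
        print("same base password on:", ", ".join(group))
```

Every account named in either group should get a new, independently generated password from the password manager.
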
In addition to having different passwords for every site, another way to further secure yourself is to use two-factor authentication whenever possible. Two-factor authentication steps up your security by including a secondary device in the password modification process.
With security questions for password resets, someone who does some research might be able to figure out those answers and gain access to your account. With two-factor enabled, any change to your account must be verified.
One way to do this is to have a text message delivered to your mobile device containing a security code that must be entered to gain access to your account. If you get a text and you didn’t make the request, then you know someone is trying to get into your account. Ignore that text and your account stays the same; the attempted changes can’t be made.
The same users who got hacked in Australia could have avoided that situation had they been using two-factor authentication, as Apple certainly supports it.
Two-factor authentication probably isn’t available at quite a few online businesses. But most banks, social media sites, and other sensitive sites, such as email and online merchants, do have it. Just check online to find out whether they support two-factor authentication and enable it if it’s available.
No two-factor? Then be sure you’ve got your unique, complex password in place. It might be a headache initially. But once you’re following some improved practices for your online security, the headaches you’ll avoid will far outweigh the hassle.