The Definitive Post-Epic Hack Security Rundown

This past weekend, the internet shed a collective tear for tech writer Mat Honan as his entire digital identity was eviscerated by hackers for no particular reason (unless you consider the fact that they liked his short Twitter handle, @mat, as a legitimate reason). In the wake of this Epic Hack, nearly every tech blog has offered suggestions on how to secure your online identity; here is a rundown of some of the best advice:

1. Two-Step Authentication
“Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened,” Honan wrote in his first-hand account of the hacking. Lifehacker does a pretty convincing job of selling this method of authentication, which essentially uses both your phone and your computer in tandem to confirm your identity (much like a bank).

2. Be Extra Careful of Your Password Selection
This has been no-brainer advice forever, but it bears repeating: “abc123” and “password” are not good passwords. Wired recommends long passwords that mix letters, numbers, and special characters, like GjQ*P0@As. The staff also advocates password generator programs such as LastPass and 1Password, which not only create unique passwords, but also provide a way to manage the passwords you have. Furthermore, no matter how unique and uncrackable your password may be, it should never serve as the be-all and end-all. Varying your passwords for each site is just as essential as having a strong password.

3. Untether Your Accounts
Linking accounts is quick and convenient for everyone who uses multiple social media sources. It’s also incredibly dangerous. By unlinking your social media accounts and having separate passwords for each, in the event that there is a hack, you’re more likely to keep that breach as an isolated incident.
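
The reasoning behind tips 2 and 3, as an added example that is not part of the original article: it models an account inventory as a graph and computes which accounts fall when one is breached, before and after untethering. The inventory, the field names (`trusts`, `password_id`) and the functions are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample inventory. "trusts" lists accounts whose compromise also
# opens this one (sign-in via that account, or password resets sent to it).
# "password_id" is a label only; accounts sharing a label reuse one password.
ACCOUNTS = {
    "email":   {"trusts": [],          "password_id": "pw-A"},
    "twitter": {"trusts": ["email"],   "password_id": "pw-B"},
    "photos":  {"trusts": ["twitter"], "password_id": "pw-C"},
    "forum":   {"trusts": [],          "password_id": "pw-A"},
    "bank":    {"trusts": [],          "password_id": "pw-D"},
}

def blast_radius(accounts, first_breach):
    """Return every account reachable once `first_breach` is compromised."""
    exposes = defaultdict(set)        # account -> accounts that trust it
    same_password = defaultdict(set)  # password label -> accounts using it
    for name, info in accounts.items():
        for trusted in info["trusts"]:
            exposes[trusted].add(name)
        same_password[info["password_id"]].add(name)

    reached = {first_breach}
    queue = deque([first_breach])
    while queue:
        current = queue.popleft()
        # A breach spreads along links and along reused passwords.
        spread = exposes[current] | same_password[accounts[current]["password_id"]]
        for nxt in spread - reached:
            reached.add(nxt)
            queue.append(nxt)
    return reached

def untether(accounts):
    """Copy of the inventory with no links and one password label per account."""
    return {name: {"trusts": [], "password_id": f"unique-{name}"}
            for name in accounts}

def report(accounts):
    """Map each possible first breach to the sorted list of accounts lost."""
    return {name: sorted(blast_radius(accounts, name)) for name in accounts}

if __name__ == "__main__":
    for label, inventory in (("linked", ACCOUNTS), ("untethered", untether(ACCOUNTS))):
        for start, lost in report(inventory).items():
            print(f"{label:10} breach of {start:8} -> {', '.join(lost)}")
```

In the linked inventory a breach of the low-value forum account reaches email, Twitter and photos through one reused password and two links; after untethering, every breach stays at a single account.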

4. Get Creative with Your Security Questions
Security questions should be seen as an opportunity to fortify passwords. “What is your mother’s maiden name?” This information can be obtained online by any common Googler, let alone a hacker. Information Week suggests using fake personal data as an added level of security, and then using a password manager (like the ones mentioned above) to keep track of it all. “What was your first pet’s name?” H4v6P*G? Sounds about right.

5. Disable Remote Wiping
Both “Find My iPhone” and “Find My iMac” seem like godsend apps: they allow you to locate your phone or computer in the unfortunate event that they go missing. These apps, however, provide a hacker with insane amounts of power if they take over your Apple ID. Honan’s entire laptop was wiped out via these apps’ remote wipe function, taking with it years’ worth of invaluable photos. Information Week quotes Paul Ducklin of information security company Sophos: “Consider an independent remote wipe service, rather than relying on one which is part of the cloud offering it aims to protect.”

6. Back Up Your Data
Dovetailing with tip #5, it’s important to always keep an offline backup of your files. If you’re storing years’ worth of photos in a cloud, sure, it saves you valuable storage space, but if that cloud becomes compromised, you face losing that data. By backing up your files you ensure that, even if the cloud copies get wiped, you won’t lose it all for good.

7. HTTPS or Bust
Most of the big-name online services (Google, Facebook, Twitter, etc.) run exclusively on HTTPS connections (the S stands for secure). HTTPS encrypts the data stream between your browser and the site so that third parties on unsecured networks can’t read it and glean your personal information. If you’re using your laptop in a public space, you should be using browser add-ons and extensions that enforce HTTPS to encrypt your data.

While the latest Epic Hack has forced both Amazon and Apple to reconsider and revise some of their security practices, there will always be vulnerabilities. Hopefully, by heeding these 7 pieces of advice, you’ll be better able to fend off potential breaches and live a long, untarnished digital life.


About the author: Erik Helin

Erik is BrickHouse Security's copy chief. Hailing from the Midwest (Wisconsin), Erik moved to NYC in 2010, securing a job at BrickHouse shortly thereafter. Outside of work he writes about music, does freelance advertising work, and wastes his life on the internet. Aside from no-brainers like cheese and beer, Erik enjoys music, travel, TV, his cat, and Brooklyn.

  • This incident goes to show why validating with a PIN that isn’t recorded anywhere is better than the last four of a CC; at the very least the last 6 of a CC should be used if that’s an option.