👨💻 Don’t Allow HACKERS Into Your Life
A cautionary tale along with actionable steps to protect against hackers
Today’s post looks at clever ways you can prevent attempts to hack into sensitive data like your bank or social media. Hackers have been on the rise since the pandemic, and more and more people are being hacked regularly. Stick around till the end for a framework you can use to prevent hackers from entering your accounts.
Welcome to TonyTriesStuff,
We here are keen on trying new hobbies to increase our repertoire of skills. Whether you've stumbled across this for the first time or are a regular, thanks for taking the time to look through what I have created. Read on to start your journey toward mastering skills you are passionate about.
Today we are looking at deterring hackers from stealing your login information. I go over a story a friend of mine told me recently. I had a similar experience when I got a notification on my iPhone asking me if I was trying to log into my account from another country. This prompted me to adopt the tips I share towards the end of the post.
The story
This is the story that inspired me to write about this topic. Luckily, it has a happy ending, but this is one situation in which none of us wants to find ourselves.
One day, a friend of mine woke up to an alarming notification. Their bank stated that $450 was debited from their account. They immediately got in touch with their bank. Before they got through to customer service, a new notification stated that another $450 was debited.
After a long wait, my friend finally got through to the bank. The bank performed its usual checks. My friend was asked to confirm if they recognised the payment recipient. It wasn’t easy to work out who it was, but it wasn’t someone they knew. Finally, the bank helped by blocking the card and applying for a new card.
Luckily the bank cancelled the second transaction and reimbursed my friend for the money lost in the first transaction.
A few weeks later, my friend opened their Gmail to find an email from Google Ads. My friend did not create a Google Ads account. Someone gained access to their Gmail and linked a Google Ads account to Gmail. And then, the linked payment card was used to fund an ad campaign.
Luckily, this story had a happy ending, but imagine waking up to see all the money in your account drained. No money left for essentials. Having to tap into savings or investments to meet day-to-day expenses.
My analysis of the situation
At some point, a website was breached, leaking my friend’s email ID and password. This password was then purchased by a hacker somewhere who used it to log into Google.
Two leading causes for the hack:
The same password on all accounts: My friend mentioned that they had used the same password on all their accounts. My guess is that, at some point, one of the accounts got compromised. The compromised information could’ve been purchased by a hacker who successfully infiltrated their Gmail account.
Lack of Two-Factor Authentication (2FA): Even after the hacker got access to the login credentials, the hack could’ve been prevented if the account had 2FA turned on. Since 2FA was disabled, the hacker was given access to the account with just the password.
Other noteworthy stories
Here are some other stories of hackers trying to access accounts. This Jim Browning video is particularly harrowing as their whole YouTube channel was almost deleted. This Jon Rettinger video showcases how hackers can seem very convincing. Both have common themes of being too trusting and tired at the time.
How to deter hackers
Recommendation 1: Use a password manager
In 2021 alone, billions of user login records were compromised. If someone uses the same password on all their accounts, a compromise of one account is a compromise of all of them. The Haveibeenpwned website (see Additional Resources) helps determine if your account details leaked during a data breach.
There are many password managers to choose from. If you are okay with shelling out for a subscription, then some options provide many features like cloud sync, encrypted storage, etc. Other open source password managers are free but may have fewer features. Password managers mainly serve two functions:
Create complex passwords
Most password managers allow you to generate complex passwords. Typically there is also an indication of how strong your chosen password is. Here are some do’s and don’ts when creating a complex password.
Although some criticise the use of complex passwords due to their … complexity, I still think it's better to use a complex password in conjunction with a password manager.
Unique password for every account
Unique passwords help to ensure what happened to my friend doesn’t happen to others. Your other accounts remain uncompromised even if your password for one account leaks.
The best way to manage unique passwords is to always create a password with your password manager before creating an account. This process has been streamlined these days, which makes it very efficient.
Threats of using a password manager
There is a small risk that a vulnerability in the password manager leads to all your accounts being compromised. This risk can be mitigated by the second recommendation below.
Recommendation 2: Enable Two-Factor Authentication
[Two-Factor Authentication] is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is).
-Wikipedia
2FA is available in most of our accounts. Unfortunately, most accounts require us to manually enable it instead of having it turned on by default. Luckily most websites prompt users to activate 2FA as soon as they log in.
Setting up 2FA is relatively simple. If you haven’t already, now is a good time to enable 2FA. Head to any account that you would like to fortify (I recommend social media) and follow these steps:
Step 1: Download an authenticator app of your choice
Step 2: Head to account settings
Step 3: Head to security / privacy
Step 4: Toggle 2FA from disabled to enabled
Step 5: Scan the QR code with your authenticator app
Step 6: Enter your one-time code as shown on the app
Step 7: Repeat steps one through eight for another website
Step 8: Sit back and relax
Every time you enter your password into an account with 2FA enabled, you will be asked to enter a code from your authenticator app before accessing your account. This means that even if someone were to gain access to your password through some data leak, they would also need to gain access to your phone, your phone's passcode and the authentication mode before they gain access to your account.
I once had a friend ask me what the point of 2FA is if your phone gets lost. At the end of the day, if someone is very motivated to gain access to your account, they may succeed. But we’ve got to do what we can to make their attempt as hard as possible.
Recommendation 3: Change password regularly
After you abide by recommendations one and two, this could be considered a cherry on top to be even more secure. This involves switching out all your passwords every so often so that even if a data breach exposes your password to the world, it won't harm you as you no longer rely on that password.
I also recommend having a password day once a year or every six months when you change all your passwords and encourage your peers and friends to follow suit. Although it may be painful in the short term, you will quickly get used to this and can be even more confident that you have done all you can to deter hackers.
I'd love to hear from you. Do you have another horror story to share? Do you not worry about your account being hacked? Have I scared you enough to adopt the framework I’ve suggested? I'd love to hear all about it in the comments below or tweet at me with your thoughts.
Thanks for reading all the way to the end! Your support helps keep me motivated. I hope you enjoyed reading about cyber security and how to keep your accounts safe. Share this post if you found it helpful. Do leave a comment and subscribe if you want to be inspired to learn new skills on a week-ish basis.
Until next time,
Tony
Additional Resources
Articles on password managers: Open Source; Paid; NCSC
Articles on strong passwords: Information Services & Technology; Harvard
Other Articles: Multi-factor Authentication; 2021 Password Breach; WSJ on Complex Passwords; Best 2FA Apps
YouTube: Jim Browning; Jon Rettinger
Website: Haveibeenpwned