
There are two major reasons why people get hacked: flaws in software and flaws in human behaviour. While there is not much you can do about coding vulnerabilities, you can change your own behaviour and bad habits.
Just ask outgoing US President Donald Trump, whose Twitter password until recently was ‘maga2020!’. Or Boris Johnson, who revealed details about sensitive Zoom calls. (These world leaders also had specific security training from protection agencies.)
The risks are just as real for the average person – even if the stakes are not quite as high. If your accounts are not properly protected, your credit card may be compromised, or your private messages and photos may be stolen and shared. Working out whether your accounts have been hacked is a time-consuming and potentially frustrating process. You are better off taking steps to reduce the risk of being hacked in the first place. And there is no better time to get your digital hygiene in order than at the beginning of the year – start 2021 in a controlled but safe way.
Use multifactor authentication
Ultimately, the most effective thing you can do to protect your online accounts is to enable multi-factor, or two-factor, authentication wherever possible. The method uses a secondary piece of information – often a code generated by an app or sent via SMS – along with a password.
This secondary information helps to prove that it really is you trying to log in, as the codes are usually on the phone in your pocket. Even if you have a password that is easy to guess (we’ll get to that soon), an attacker is unlikely to be able to access an account with multifactor authentication enabled unless they have your phone.
Here’s a guide to all the accounts that support the method, but first and foremost, you should enable it for all accounts that contain personally identifiable information. That means messaging apps like WhatsApp, social media including Facebook, Instagram and Twitter, and your email accounts.
Not all forms of multifactor authentication are the same. Code-generating apps are considered more secure than receiving codes via SMS, and beyond that, physical security keys offer an even more robust layer of protection.
Get a password manager
Let’s talk about passwords. It’s 2021, and you should not be using ‘password’ or ‘12345’ for any of your passwords – even if it’s a disposable account.
All the passwords you use for your online accounts must be strong and unique. What this really means is that they should be long, contain a mix of different character types and not be used on multiple sites. Your Twitter password should not be the same as your online banking password; your home Wi-Fi network should not use the same credentials as your Amazon account.
The best way to do this is to use a password manager. Password managers create strong passwords for you and store them securely. If the fact that they can stop you from being hacked is not enough to make you consider using one, a password manager also means you never have to struggle to remember a forgotten password again.
From our testing of the best password managers here, we recommend trying out LastPass or KeePass.
Learn how to detect a phishing attack
Clicking too quickly can be your biggest enemy. When a new email or text message arrives and contains something that can be tapped or clicked on, our instinct is often to do so immediately. Don't.
Hackers used the pandemic as a cover to launch wave after wave of phishing attacks and dumb Google scams.
Anyone can fall for this kind of scam. The most important thing to do is to think before you click. Scam messages try to mislead people into acting in ways they normally would not – pretending to be immediate demands from a boss, or saying that an urgent response is needed.
There is no infallible way to identify every type of phishing attempt or scam – scammers are constantly upping their game – but being aware of the threat can help reduce its effectiveness. Be careful, think before you click, and only download files from people and sources you know and trust.
Update everything
Every piece of technology you use – from the Facebook app on your phone to the operating system that controls your smart light bulb – is open to attack. Fortunately, companies are always finding new bugs and fixing them. That is why it is important to download and install the latest versions of the programs and software you are using.
Start with your phone. Navigate to your device settings, find out which operating system you are running, and update it if you do not have the latest version (iOS 14 is the latest for iPhones; Android 11 is the latest from Google). For apps and games, Apple’s iOS 13 and above downloads updates automatically, though these settings can be customized. On Android, auto-updates can also be turned on by visiting the settings page in the Google Play Store.
After updating your phone, work out which devices you need to update next. Generally, this should be done in order of potential impact. Any laptops and computers you own should be high on the list; then work backwards through the other connected devices in your life. Remember: everything is vulnerable, including your internet-connected chastity belt.
The past can come back to haunt you. The old online accounts that you no longer use, and the login details that belong to them, can be used against you if you do nothing about it. Hackers frequently use details of past data breaches to gain access to the accounts people are currently using.
Reducing the amount of information available about your online life can help reduce the risk of being hacked. A very simple step is to delete your Google search history regularly, but you can also use privacy-first Google alternatives.
In addition, you can do a lot more to reduce your digital footprint. Find the old accounts that you no longer use and delete them. This reduces the amount of spam you get and reduces the number of ways hackers can target you. Use Have I Been Pwned? to find your information in old data breaches, use a VPN to increase browsing privacy and download Tor if you really want to enhance your online anonymity.
Matt Burgess is WIRED’s Deputy Digital Editor. He tweets from @mattburgess1