October 13th, 2014
Update: You may have heard that Snapchat, the instant messaging service, and Dropbox, the extremely popular file sync company, have been in the news recently.
While initial claims were that millions of Snapchat and Dropbox passwords had been leaked, it now seems that the leak (or hack) was from another service (it’s unclear which service this was), and that the passwords and usernames simply worked with Dropbox and Snapchat because users were using the same usernames and passwords across different services.
The vulnerability lies with the user not taking enough care over their own security. So think about it: if I knew your email address and its password, how many of your other accounts could I get into if I was simply to try those details across Facebook, Twitter, Dropbox, etc etc…?
The lesson: use a different password on each service.
Anyhow, back to the original post:
PC and laptop security is not a set-it-and-forget-it affair. These days, the weakest element in computer security sits between the keyboard and the chair. And the experts are as vulnerable as the rest of us.
The problem can be seen as a chain, a trail we leave as we set up account after account on new web services. Here’s how to break that chain, and keep your privacy intact.
Same passwords across accounts
This is the basic one we’re all aware of: we shouldn’t use the same password on different accounts. If a hacker finds out what your password is for your laptop, or your email account, then that will be the first thing they try typing in when they attempt to unlock your Amazon account.
And remember, with most of these accounts – Twitter, emails, and more – your username is open to all, so they don’t even need to snoop to find that.
Solve it: Use a different password on each account, of course! But I know, that’s difficult, especially if I’m also about to advise that you make each password a hard to remember one. Which I am, right now.
There are many ways to get over this issue, but one tip is to use a system. For example, make each password a numerical representation of the website it logs into: 4M420N for Amazon, F4C3b00k for Facebook, and the like. Of course, don’t do exactly this, because everyone know about this system now.
What I’m saying is that you can use the site itself as a clue to the password. Try basing it on colours, text, or something else. Then add some standard extra characters, or a standard arrangement of upper and lower case letters. Stick to that method and Bob’s your uncle!
Email addresses used to unlock other email addresses
When you forget the password to your email account – let’s call it Account A – how do you get it back, or reset it? You usually get Account A to send an email to another email address – Account B – then click a link in that email to reset Account A’s password.
This can be risky: if someone manages to hack into either one of these accounts, the other account becomes vulnerable.
And if you use Account C to reset Account B, and Account D to reset Account C, then it only takes one hack to put all your accounts at risk.
Solve it: don’t use a ‘chain’ of email accounts to protect each other. Instead, isolate pairs of accounts, so that A unlocks B, and C unlocks D. This also applies to online services and other personal details. If your Amazon account leads to your Apple iCloud ID and your iCloud ID gives access to your Twitter account, then hackers are going to have a field day once they crack just one.
Signing into Apps with Facebook or Google
A lot of online services allow you to ‘sign in with Google’ or ‘sign in with Facebook’. I won’t go into the security implications of letting Facebook know which bookmarks you’re saving in Pocket, nor in fact of letting Google know any more about you than it already does. These functions are useful, so make the most of them while keeping in mind what you’re exchanging in return. However…
Solve it: once you stop using the sites, such as Pocket, into which you sign with your Google account, make sure you go into your Google Account settings and remove permissions. That way, Google will never have more access to your private life than is needed at any one time. Who knows when they might change its terms of service? Keep your accounts tidy.
These are old friends, aren’t they?
Cookies are essential to the World Wide Web. Without them you’d be unable to log in to a website, or buy anything, or comment on a cat video. And where would civilisation be without that?
However, as with all good things, marketers have taken them and twisted them to evil ends. Cookies track you as you move from page to page (that’s how 4chan knows you’re logged in), but they can also track you from website to website, for no one’s benefit except those people who would monitor your every move. There’s money to be made in knowing how you behave online, but there’s no reason for you to play along.
Solve it: You don’t want to block all cookies from your browsers, except in extreme circumstances (and if you’re in those circumstances, try the Tor Browser). But something that anyone can do is make sure cookies are cleared every now and again. If you’re using one of the main browsers, there are decent instructions on clearing cookies on the PC World website.
Break the chain
Every action you take on your PC, online or offline, builds a chain which can link one action with the next. Every lock you put on your privacy has a key hidden behind another locked door. But access to the first key can lead to the opening of every other door in your online life.
With these tips, hopefully you can break that chain, and browse safe in the knowledge that you’re not leaving yourself open.