Seven Weird Tricks to Avoid Getting Hacked
Once upon a time, making money by being evil online meant going after big companies. Today, you can make more by going after individual people. We all have bank accounts and social security numbers online that can be stolen and resold. Attackers make hundreds of dollars on this information and sometimes even millions.
You don’t have to be a celebrity to be a profitable target. We’re all becoming valuable to hackers, whether we realize it or not. Here are a few steps that you can take to protect yourself:
1. Use Gmail with Advanced Protection.
Your email can compromise everything that you own online. Use Gmail with Google Advanced Protection; nothing else is as secure. This means that you can’t use third-party apps like Superhuman. That sucks, but your email is only as secure as its weakest link and you don’t want anything weaker than Google. Set up a recovery email address which also has Advanced Protection.
2. Lock down your phone number.
Phone numbers are often used to recover accounts. This is bad because attackers can take over your number and then your accounts with a SIM swap attack. It happened to Jack Dorsey, and it will happen to you too. Set up a Google Voice or Google Fi number for when accounts need phone numbers. If you can’t, call your carrier, tell them you’re a high-risk person, and ask them to block number porting. This isn’t foolproof, but it’s better than nothing.
3. Use Chrome and disable most extensions.
A good browser can protect you from certain attacks. Google Chrome isn’t the fastest or most battery-efficient browser, but it is the most secure. If you want to be safe, use it. The uBlock Origin and Privacy Badger extensions will add updated lists of bad websites to block. Be very careful with other extensions. Attackers can compromise extensions and take over your browser. Only trust extensions from companies that have a strong history of security. If in doubt, don’t use it.
4. Use security keys, reset your passwords, and turn off third-party apps.
Set up LastPass or 1Password on all your devices and buy 3 security keys from Yubico. Install Google Authenticator on your phone. Make a list of every account that you use to talk to people, store documents, or move money. If in doubt, include it.
Change passwords to randomly generated ones using your password manager. Next, turn on two-factor authentication and add each security key. If security keys aren’t supported, use Google Authenticator. If you have no choice but to use a phone number, make sure it’s the Google Fi / Google Voice number we set up earlier. Two-factor authentication is annoying at first, but if you don’t set it up, hackers will do it for you. And you won’t like that at all.
Keep one security key on your person, one key at home, and one in a secure place somewhere else. If you use Google Authenticator, you’ll have to save TOTP recovery codes in case you lose your phone. Treat them like passwords and store them safely.
If your account allows third-party apps, handle them the same way you would browser extensions. It’s OK for an app to use “Sign In with Twitter”, but not OK for it to post on your behalf. Even an innocuous tweet scheduling app can bypass all your security measures. Turn them off for Facebook, Twitter, and any other account that allows third-party apps.
5. Lock down your smartphone.
Use an iPhone if you can. Its application model is more restrictive and it has fewer surface areas to defend. Go through your app permissions on iOS or Android. If you see something that doesn’t make sense, turn it off. A game shouldn’t need access to your contacts list, for example.
6. Use a router from Google or Amazon or Apple.
Routers are vectors for attack and are often set up with default passwords or outdated firmware. Use a router made by Google, Amazon, or Apple and save yourself a lot of hassle. Set up a separate guest network for friends and devices you shouldn’t trust, like smart TVs. For extra credit, use Little Snitch to keep a closer eye on Mac apps.
7. Use Zoom on your phone or tablet.
Zoom on macOS has caused serious issues like Zoom bombing, video snooping, and remote code execution. Zoom is turning over a new security leaf, but you can’t fix a codebase overnight. It’s also attracting attention from hackers as it becomes one of the most installed pieces of software. Using Zoom on your phone or tablet reduces the risk of compromise. You can also do one better and start using Google Meet instead.
Thanks to Philip Martin and Rob Witoff for helping with drafts of this post.