There are two major reasons why people get hacked: software bugs and flaws in human behavior. While there is not much you can do about coding vulnerabilities yourself, you can change your own behavior and bad habits.
Just ask the outgoing US President Donald Trump, whose Twitter password until recently was ‘maga2020!’. Or Boris Johnson, who revealed details about sensitive Zoom conversations. (These world leaders will have had specific security training from protection agencies, too.)
The risk is just as real for the average person – even if the stakes are not so high. If your accounts are not properly protected, your credit card may be compromised or private messages and photos stolen and shared for all to see. Working out whether your accounts have been hacked is a time-consuming and potentially frustrating process. It is better to take some steps to reduce the risk of being hacked in the first place. And there is no better time to get your digital hygiene in order than the start of the year – get 2021 off to an admin-filled but safe start.
Use multi-factor authentication
Without a doubt, the most effective thing you can do to protect your online accounts is to turn on multi-factor, or two-factor, authentication for as many of your accounts as possible. The method uses a secondary piece of information – often a code generated by an app or sent via SMS – together with a password.
This secondary information helps prove that it is really you trying to log in, as the codes are usually accessed on the phone in your pocket. Even if you have a password that is easy to guess (we’ll get to that shortly), it’s unlikely that an attacker could gain access to an account with multi-factor authentication turned on unless they have your phone.
There is a guide to all the accounts that support the method here, but in the first instance you should turn it on for all accounts that contain personal information that may be misused: messaging apps like WhatsApp, social media including Facebook, Instagram and Twitter, and email accounts.
Not all forms of multi-factor authentication are the same. Code-generating apps are considered to be more secure than receiving codes via SMS, and in addition to this, physical security keys provide an even more robust layer of protection.
Get a password manager
Let’s talk about passwords. It’s 2021: you should not be using ‘password’ or ‘12345’ for any of your passwords – even for a throwaway account.
All the passwords you use for your online accounts should be strong and unique. What this really means is that they should be long, include a mix of different character types and not be used on multiple sites. Your Twitter password should not be the same as your online banking one; your home Wi-Fi network should not use the same credentials as your Amazon account.
The best way to do this is by using a password manager. Password managers create strong passwords for you and store them securely. If the fact that they can stop you from being hacked is not enough to make you consider using one, a password manager also means that you never have to struggle to remember a forgotten password again.
From our testing of the best password managers, we recommend trying LastPass or KeePass.
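The three criteria above (long, mixed character types, never reused) can be checked mechanically, which is roughly what a password manager's health check does. The following is an added example, not code from the article or from any password manager; the vault entries are constructed, and the 12-character minimum and the three-of-four character-type threshold are assumptions, since the article gives no numbers.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12   # assumption: the article only says "long"
MIN_CLASSES = 3   # assumption: at least 3 of lower/upper/digit/symbol

# Constructed sample entries (site, password); not real credentials.
VAULT = [
    ("twitter.example", "maga2020!"),
    ("bank.example", "maga2020!"),
    ("wifi.example", "12345"),
    ("shop.example", "t7#Vq9!mLx2$Rw8z"),
]


def char_classes(password: str) -> int:
    """Count which of the four character types appear in the password."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def audit(vault):
    """Return {site: [issues]} for every entry that fails a criterion."""
    sites_by_password = defaultdict(list)
    for site, password in vault:
        sites_by_password[password].append(site)
    findings = {}
    for site, password in vault:
        issues = []
        if len(password) < MIN_LENGTH:
            issues.append("short")
        if char_classes(password) < MIN_CLASSES:
            issues.append("few character types")
        if len(sites_by_password[password]) > 1:
            issues.append("reused")
        if issues:
            findings[site] = issues
    return findings


def generate(length: int = 20) -> str:
    """Draw from the OS CSPRNG until all four character types are present."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if char_classes(candidate) == 4:
            return candidate
```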
Learn how to spot a phishing attack
Clicking fast can be your worst enemy. When a new email or text message arrives and contains something that can be tapped or clicked, our instincts often lead us to do so right away. Don't.
Hackers have used the pandemic as a cover to launch wave after wave of phishing attacks and stupid Google Drive scams.
Anyone can fall for this type of scam. The most important thing you need to do is think before you click. Scam messages try to trick people into behaving in a way they normally would not – for example, by posing as urgent demands from a boss or claiming that an immediate response is required.
There is no foolproof way to identify every type of phishing attempt or scam – scammers are constantly upping their game – but being aware of the threat can help reduce its effectiveness. Be careful, think before you click, and only download files from people and sources you know and trust.
Every piece of technology you use – from the Facebook app on your phone to the operating system that controls your smart light bulb – is open to attack. Fortunately, companies are always finding new bugs and fixing them. That is why it is important that you download and install the latest versions of the apps and software you use.
Start with your phone. Navigate to your device settings and find out which operating system you are using, and update if you are not on the latest version (iOS 14 is the latest for iPhone, Android 11 is the latest from Google). For apps and games, iOS 13 and later download updates automatically, though these settings can be customized. On Android, auto-updates can also be turned on by going to the settings page in the Google Play Store.
Once you have updated your phone, you need to work out which devices to update next. In general, these should be done in order of potential impact. Any laptops and computers you own should be high on your list; then work backwards through the other connected devices in your life. Remember: everything is vulnerable, including your internet-connected chastity belt.
The past may come back to haunt you. The old online accounts you no longer use, and the login details that belong to them, can be weaponized against you if you do nothing about them. Hackers often use details from previous data breaches to gain access to the accounts people are currently using.
Reducing the amount of information about your online life that is available can help reduce the risk of being hacked. A very simple step is to periodically delete your Google search history, but you can also use the first Google options.
Beyond this, there is much more you can do to reduce your digital footprint. Find the old accounts you no longer use and delete them. This will reduce the amount of spam you receive and the number of ways hackers can target you. Use Have I Been Pwned? to find your information in old data breaches, use a VPN to increase your browsing privacy, and download Tor if you really want to increase your anonymity online.
Matt Burgess is WIRED’s Deputy Digital Editor. He tweets from @mattburgess1