So we’ve all seen the downfall of security measures put in place by large corporations and websites such as Sony, Last.fm, LinkedIn, Blizzard, and many other sites lately. An ex-Gizmodo writer’s online life was brought to it’s knees because of Amazon and Apple Support. To sum it all up, a lot of online crap is happening to a lot of people and sensitive data is being compromised. How does this relate to visual effects and motion graphics? It doesn’t. It’s my blog and it effects me, so I want to share some of my stories with you folks to hopefully encourage some change in your online security.
Google Account Compromised
Let me start off with the recent “breach” of my YouTube channel that some of you may be aware of. I didn’t get to explain it all after the fact, so here’s what happened:
Basically a guy named Josh P. from Pennsylvania, who’s full name, address, and phone number I will not reveal at this time, got into my YouTube account, attempted to withdraw earnings, then decided to close down and terminate the account. I wasn’t active on YouTube anyways, but the sheer fact that this happened to me was a wakeup call. It’s not about YouTube, it’s the fact that you lose access to your whole Google account, losing your Google Drive documents, AdSense account, Google+ account, and many more services provided with your Google login. No, he didn’t guess my password.
He was able to access everything by answering a very basic email security question, thus gaining entrance into my email account with the power to wreck more havoc. Being locked out of my own email account and YouTube was quite frustrating as you can imagine. Luckily, I had SMS recovery enabled and was able to get back inside my email account. By the time that happened, he had already changed the Google account email address and password. With the help of YouTube Partner support, I was able to restore my Google account and sort everything back to normal. I could’ve taken legal action against Josh, having his full address and phone number, but decided to forgive him due to some cooperation. (I still keep his information recorded down in a backup in case something pops up).
So what did I learn? Don’t use a security question that someone can find the answer to easily. With that breach in mind, I went back and changed every security question on all my online accounts. With all the recent website breaches and data being compromised such as Tuts+ Premium and Dropbox, I had to frequently change my passwords. (I didn’t use the same passwords for multiple accounts). After having to change multiple account passwords and remembering all the different passwords I had, I started to become more annoyed at the game. So what have I been doing to secure myself?
Stepping the Game Up
I now manage my passwords through 1Password, a great password manager that can keep a local data file on your machine with encryption or places the data file in Dropbox for easy synchronization. It’s fast, secure, and easy because you only have to remember one master password, meaning you can easily generate long hardcore random passwords for all your online accounts and not have to worry. If a service gets compromised, you can easily just generate a new random string of passwords. Basically, it allows you to have a different password for each online account without having to memorize a long hardcore password, not to mention double the encryption. You can read more about 1Password here. Basically, don’t reuse passwords and don’t use easy passwords. There are also other free alternatives to 1Password such as LastPass.
I also enabled 2-step verification on all the sites that support it like Google, PayPal, and soon Dropbox. I’d also recommend using your mobile phone as a backup recovery solution to reset your account(s) if it gets compromised. Change and update all your security questions to something more difficult. Disable any 3rd party sources linked to your account(s) if you don’t use them anymore.
After getting my iPhone 4S stolen earlier this year, I’m glad I had setup Find My iPhone on the device. (Yes, I was able to retrieve my phone back.) I’d recommend enabling this for all your Apple devices as it works for the iPad and Mac as well. (You may be careful with enabling the remote wipe feature though). There are similar services for the Android and Windows platform, so check those out as well.
If you own a website, secure that too. Lock it down, record suspicious IPs, secure the login page, talk to your hosting service and make sure your database is secured. Howard from Iceflow Studios works hard to keep his site optimized and secured, you should do the same. To make your life easier, there are tons of security plugins you could resolve to as well.
Lastly, I’d recommend backing up all your important information to a local drive. (or napkin) This may include passwords in your 1Password app, security question answers, and important account information. I do not recommend ever storing your credit card or banking information with any service except yourself. Keep that stuff in your hands. I’d strongly suggest you don’t store your primary email account in 1Password or anything of that nature because that’s the main key to all your services. Remember your email account credentials, remember your credit card and banking information, and leave the rest to a secure and encrypted password manager.
Basically, the moral of the story is to be secured online. Don’t think that security breaches won’t ever effect you, I thought the exact same. Be proactive and take action now before it becomes a pain. As we transition to a more online life, the information we store are becoming more important and it’s your job to secure it. At the end of the day, it just becomes another precaution you take care of like locking your car doors and keeping your kids safe.