Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain. — Kevin Mitnick
The past few weeks brought news of a rush of new hacks and old ones brought back to light. We saw LinkedIn, Tumbler, and Twitter with breaches in the tens of millions of accounts. We saw major celebrities get hacked from Mark Zuckerberg and Lana Del Rey, Katy Perry, the NFL, and DeRay Mckesson.
The story of DeRay Mckesson (see links) is the ultimate motivation for this tip. While most of the celebrity hacks were achieved due to poor security practices such as reused passwords across platforms, weak passwords, and not using two factor authentication (2FA) where available, DeRay was following all of the best practices and was still hacked. When you consider 2FA uses your cell number to send you a text in many cases, have you secured your carrier account with all of the available security measures they offer? In many cases someone can call in and have a new phone assigned to your number which will allow them to receive your 2FA codes and bypass your security. You should visit you cellular account and make sure to enable a security pin right away. It is free and easy and will give you that extra layer of protection that could be the difference between security and insecurity despite all of you other efforts.
As always I do suggest strong, unique passwords for every account as well as unique usernames when feasible. I also suggest unique disposable email addresses for each account if possible. To make this manageable a good password manager is also recommended.
DeRay Mckesson, activist, disavows Trump endorsement after being ‘super hacked’
Mark Zuckerberg’s Twitter and Pinterest accounts hacked, LinkedIn password dump likely to blame
Check your BITS, because deleting malware might not be enough
Researchers Turn Smartphone Vibration Motor into Microphone to Spy on You