There are two big reasons why people get hacked: flaws in software and flaws in human behaviour. While there’s not much you can do yourself about coding vulnerabilities, you can change your own behaviour and bad habits.
Just ask outgoing US president Donald Trump, whose Twitter password was, until recently, ‘maga2020!’. Or Boris Johnson, who revealed details of sensitive Zoom calls. (These world leaders will have had specific security training from protection agencies too.)
The risks are just as real for the average person – even if the stakes aren’t quite so high. If your accounts aren’t properly protected your credit card could be compromised or your private messages and photographs stolen and shared for all to see. Working out if your accounts have been hacked is a time-consuming and potentially frustrating process. You’re better off taking some steps to mitigate the risks of you getting hacked in the first place. And there’s no better time to get your digital hygiene in order than the start of the year – get 2021 off to an admin-filled, but secure start.
Use multi-factor authentication
Arguably the most effective thing you can do to protect your online accounts is turning on multi-factor, or two-factor, authentication for as many of your accounts as possible. The method uses a secondary piece of information – often a code generated by an app or sent via SMS – alongside a password.
This secondary piece of information helps to prove it is really you trying to log in, as the codes are often accessed on the phone in your pocket. Even if you do have a password that’s easy to guess (we’ll get to that shortly), an attacker is unlikely to get access to an account with multi-factor authentication turned on unless they have your phone.
There’s a guide to all the accounts that support the method here, but in the first instance you should turn it on for all the accounts that hold personal information that could be abused. Messaging apps such as WhatsApp, social media including Facebook, Instagram and Twitter, and your email accounts.
Not all forms of multi-factor authentication are equal though. Code generating apps are considered more secure than getting codes via SMS and beyond this physical security keys provide an even more robust layer of protection.
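How a code-generating app produces its codes, shown as an added example that is not part of the original article. It assumes the app uses the standard time-based one-time password scheme (RFC 6238), and the RFC's published test secret stands in for a real account secret. The code is computed on the phone from a stored secret and the clock, so nothing is sent over the mobile network the way an SMS code is.

```python
import hashlib
import hmac
import struct
import time

# RFC 6238 test secret: a constructed stand-in for the secret an
# authenticator app stores when you enrol an account.
DEMO_SECRET = b"12345678901234567890"


def totp(secret, at=None, digits=6, step=30):
    """Return the one-time code for Unix time `at` (default: now)."""
    if at is None:
        at = time.time()
    counter = int(at) // step                      # 30-second time slot
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, submitted, at=None, window=1, digits=6, step=30):
    """Service side: accept the current slot plus/minus `window` slots."""
    if at is None:
        at = time.time()
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, at + drift * step, digits, step)
        # Constant-time comparison; every slot is checked before returning.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    code = totp(DEMO_SECRET)
    print("current code:", code, "accepted:", verify(DEMO_SECRET, code))
```

A code is only valid for its time slot and the small drift window the service allows, which is why a captured code stops working within a minute or so.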
Get a password manager
Let’s talk about passwords. It’s 2021, you shouldn’t be using ‘password’ or ’12345’ for any of your passwords – even if it’s a throwaway account.
All the passwords you use for your online accounts should be strong and unique. What this really means is they should be long, include a mixture of different character types and not be used across multiple websites. Your Twitter password shouldn’t be the same as your online banking one; your home Wi-Fi network shouldn’t use the same credentials as your Amazon account.
The best way to do this is by using a password manager. Password managers create strong passwords for you and store them securely. If the fact that they can stop you getting hacked isn’t enough to make you consider using one, a password manager also means you never have to struggle to remember a forgotten password again.
From our testing of the best password managers out there, we recommend trying out LastPass or KeePass.
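The "strong and unique" rule described above, written out as a check a password manager could run over its stored logins. This is an added example, not code from the article or from any product it names; the 16-character minimum, the three-character-type threshold and the sample vault are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 16  # assumed threshold; the article only says "long"


def generate(length=20):
    """Random password that contains every character class."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def audit(vault):
    """Map each site to the problems found with its password."""
    sites_by_pw = defaultdict(list)
    for site, pw in vault.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in vault.items():
        issues = []
        if len(pw) < MIN_LENGTH:
            issues.append("short")
        if sum(any(c in cls for c in pw) for cls in CLASSES) < 3:
            issues.append("few character types")
        if len(sites_by_pw[pw]) > 1:
            issues.append("reused")
        if issues:
            report[site] = issues
    return report


# Constructed sample vault; the weak values are ones the article mentions.
SAMPLE_VAULT = {
    "twitter": "maga2020!",
    "bank": "maga2020!",
    "forum": "password",
    "wifi": generate(),
}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(issues)}")
```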
Learn how to spot a phishing attack
Quickly clicking can be your worst enemy. When a new email or text message arrives and includes something that can be tapped or clicked, our instincts often lead us to do it straight away. Don’t.
Hackers have used the pandemic as cover to launch wave after wave of phishing attacks and dumb Google Drive scams.
Anyone can fall for these types of scams. The main thing to do is to think before you click. Scam messages try to trick people into behaving in a way they wouldn’t normally – pretend instant demands from a boss, messages that say an urgent response is required.
There’s no foolproof way to identify every type of phishing effort or scam – scammers are constantly upping their game – but being aware of the threat can help reduce its effectiveness. Be cautious, think before you click, and only download files from people and sources you know and trust.
Every piece of technology you use – from the Facebook app on your phone to the operating system that controls your smart lightbulb – is open to attack. Thankfully, companies are always finding new bugs and fixing them. That’s why it’s crucial you download and update the latest versions of the apps and software you’re using.
Start with your phone. Navigate to your device’s settings and find out what operating system you’re using and update if you’re not on the latest version (iOS 14 is the latest for iPhones; Android 11 is the latest from Google). For apps and games, Apple’s iOS 13 and above downloads updates automatically, although these settings can be customised. On Android, autoupdates can also be turned on by visiting the settings page in the Google Play Store.
Once you’ve updated your phone, you need to work out what devices to update next. Generally these should be done in order of potential impact. Any laptops and computers you own should be high up the list and then work backwards through other connected devices in your life. Remember: everything is vulnerable, including your internet-connected chastity belt.
The past can come back to haunt you. The old online accounts you no longer use and the login details that belong to them can be weaponised against you, if you don’t do anything about them. Hackers frequently use details from previous data breaches to access the accounts people currently use.
Reducing the amount of information about your online life that’s available can help reduce the risk of being hacked. A very simple step is to regularly delete your Google search history, but you can also use privacy-first Google alternatives.
Beyond this there’s a lot more you can do to reduce your digital footprint. Find the old accounts you no longer use and delete them. It’ll reduce the amount of spam you get and reduce the number of ways hackers can target you. Use Have I Been Pwned? to find your information in old data breaches, use a VPN to boost browsing privacy, and download Tor if you really want to boost your online anonymity.
Matt Burgess is WIRED’s deputy digital editor. He tweets from @mattburgess1