In the November issue of The Atlantic, James Fallows shares the disturbing story of what happened when his wife’s Gmail account got hacked earlier this year. First, she couldn’t log into her account. Then, her contacts received a troubling message that she was stranded in Madrid with no money, and she needed them to wire her funds, immediately. (It might sound like a scam, but many recipients were concerned enough to contact her husband.) Soon, she had no access to her account and all her messages—years’ worth—had been deleted.
[In Pictures: 10 Ways to Start Earning Extra Money Now]
Fallows and his wife, Deb, followed Gmail’s instructions on recovering a compromised account, and eventually regained access, but they were unable to recover her old emails until Google executives got involved. (Before James Fallows called on his own contacts, who happened to be high-level executives in the company, Google had declined to help them further.)
Fallows uses the experience to show just how easy it is for hackers to break into emails and wreak all kinds of havoc on victims’ professional, financial, and personal lives. The Federal Trade Commission reports that 9 million Americans experience some form of identity theft each year, but there are steps people can take to reduce the risk of it happening to them. When it comes to email protection, Fallows suggests the following:
1. Do not use the same password on multiple sites. Fallows equates this to simply not using a password at all. If you use your email password on less secure sites that also use your email address as a login name, you are essentially telling a less-secure site how to log into your account.
2. Avoid common words or names. Hackers can simply guess these words, says Fallows, so they don’t offer much protection from attacks.
3. If you use Gmail, implement the two-step verification system, which means that when you log into your account from any device that is not your normal computer, you need to enter a numerical code that Google sends to your phone. (On computers you use regularly, you only need to enter a code every 30 days.) You also enter a unique code on mobile devices, such as smartphones. Fallows says this system stops almost all attacks, since the hacker would need to have your cell phone as well as your password.
4. Create a long password that only you know. Fallows’ examples include “Lake Winnebago is deep and chilly,” and “my favorite packer is not brett favre.” Those passwords are so long that a hacker would have a hard time guessing it.
[In Pictures: 10 Ways to Save on Food Costs]
Here are four more tips from the identity protection services firm myID.com:
1. Stay away from any personal information, such as birthdays, sports teams, or children’s names. Anyone who knows you personally—or can find such information about you through social networking sites—will be able to make a reasonable guess at your password.
2. Use those old elementary school memory tricks. If you want an easy way to remember a complicated password, try making up a sentence about it. For example, “I love my dog Harry so much” can translate into the hard-to-guess password ILMDHSM.”
3. Change passwords as often as you change your air conditioning filter. That’s about once a month for online financial accounts. Other accounts should be changed every three to four months, says myID.com.
4. Don’t share. Keep passwords to yourself and try to avoid storing them on your computer or smartphone, where others could see them, including hackers. MyID.com says they belong in your head or a locked safe.
Do you have any tips on keeping your passwords safe?