This past week Gizmodo/Wired Writer Mat Honan’s iPhone, iPad, iCloud (and probably iRaq) where all hacked and wiped clean after a hacker stole his password, aided and abetted by the help desks of none other than Amazon and Apple.
This little episode provided plenty of grist for the blogosphere this week, as tech writers far and wide trotted out their best advice for us common folk to avoid getting our finances and data drawn, quartered, toasted, fried and bobbed like an Apple on Halloween. Mr. Honan himself probably got the highest blog hit rate of his career, and Slate’s Farhad Manjoo wrote a serious column on the subject. My friend Glenn Fleischman of Seattle exposed his answers to all the common security questions, thereby saving hackers the trouble of a brute force attack on his own Internet presence.
Of course I have to partake of this Dear Abby Advicefest as well, giving government CIOs and employees some expert security advice on how to avoid being Mat-ed (not mated) or Honanized.
1. Always reboot without saving your files and never make take time to make those pesky backups. Apparently Mr. Honan was following this advice to the letter, as he didn’t have backups of his data.
2. Make sure you choose a password extraordinarily hard to guess. Preferably one which uses a lower case letter, an upper case Cyrillic character, and middle-kingdom-sized Chinese hanzi character, a Roman numeral, and a special character with an IQ less than 80. Or, if you have a unique first name (like “Mat” as opposed to Tom, Dick, Harry or Bill) you can just use your first name as a password.
3. Completely Trust the company making your devices, especially if they have a monopoly, and they have the most popular products in the market, and their name can be confused with a common fruit. If they say you can “find your fruit-phone” and remotely vaporize, slice and dice it like the promises of a Popeil Veg-O-Matic, and they further promise all your data is safe in their cloud with the gold lining (their gold, not yours), what more do you need?
4. Have all your password resets pointing to the same email address, and make that email address something easy for anyone to guess. Something like email@example.com using both your firstname and lastname. That way once you or the hacker have your email password, access to all the other jewels in your kingdom falls easily into place. (Yes, yes, firstname.lastname@example.org is indeed my personal email address. But I’m not worried about getting a lot more spam and malware to that e-mail account, as I have spam-blocker software from a company which only has to issue security patches twice a month whether they’re needed or not.)
5. Turn on six factor authentication immediately. This means you’ll have to prove your identity using six different methods whenever you log into a website. Ideally, those methods would include:
a. A strong password like, well, ”Mat” – see above.
b. A retinal scan, preferably one conducted with a military-grade laser.
c. A sample of your DNA. Drawn from a fresh blood sample. After two days your thumb will look like a pin cushion.
d. A hard-to-guess personal attribute like your mother-in-law’s maiden name. Like Btfsplk. If you’re unmarried or your mother-in-law is unmarried or she kept her birth name, or your mother-in-law is a guy, you’re really in trouble on this one.
e. The key fob which opens your garage and perhaps fires missiles from a nearby nuclear submarine.
f. A toeprint from your company’s Chief Information Security Officer.
There are many advantages to six factor authentication. For one, it is so complicated you’ll never be tempted to use online services, and therefore cannot be hacked. For another, your authentication will always be within one degree of separation from Kevin Bacon.
Ok, ok, enough levity already. I don’t really mean to offend my favorite fruit company (gee, I have five fruit-iPhones on my personal plan), or Mat Honan, who I’m sure is as gifted a writer as he is poor at backing up his data, or my favorite hometown retailer, Amazon. We all make mistakes, especially in this rapidly evolving technology age. And we learn from them.
Oh yeah. Read Manjoo’s column and follow his advice.
And don’t answer your security questions like Glenn does!