"Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information -- a partial credit card number -- that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification."

So what can we learn from this? What steps should you take to prevent this from happening to you?
- Avoid using similar naming conventions on your online personas. For example, avoid using: firstname.lastname@example.org AND email@example.com. Instead, create variations like firstname.lastname@example.org and email@example.com
- Create a separate email address for services tied to payment methods or other accounts to prevent a "daisy-chain." Also consider creating a single email account for data recovery.
- Reconsider using a single credit card for your online purchases. Instead, use a third-party service such as PayPal or multiple credit cards. Then, monitor their use closely.
- When possible, utilize any additional authentication systems available to you. In Honan's case, he could have used Google's two-factor authentication.
- Create a reminder on your calendar to change passwords every 6 months. While it wouldn't have prevented this type of hacking, it will create an extra barrier.
- Use multiple types of security questions. Most customer service or password retrieval systems require you to answer a series of security questions, and many utilize the same types of questions. For example, "Where was your mother born?" When possible, don't use the same question and answer on all services.