If you're not on top of your online security, this shit should scare you. It should scare you even if you are on top of it. We're putting more and more irreplaceable stuff online, distributed across dozens or hundreds of services, and typically it's all tied to one thing: your email address.
Your email is the key that unlocks everything else. Forgot your password? A reset link has been sent to your email.
Not to mention all the personal and sensitive information that is likely in the actual messages in your email account.
Honan's hackers didn't guess his password or crack it, they called Apple and Amazon and exploited their customer service policies to get into his accounts, and then used one against the other to get all the information they needed. It was easy. They needed zero technical skills to do this, and anyone could do it to you, right now.
I expect Apple and Amazon will be changing some policies very quickly in the wake of all this, and that's good, but it won't be enough. Your information is only as secure as the crappiest website you've used it on, and that website is really, really crappy.
Anyway, here's my advice. Consider it a public service message from your friends in the technology department. We just want you to be safe.
1. If you have a GMail or other Google account, turn on 2-step verification. Now. Here's a good step-by-step guide. It may seem like a pain, but once you have it set up it's not bad, and if you read those stories above (READ THEM NOW), you shouldn't have any doubt that it's worth the trouble.
2. Stop using the same password everywhere, especially on your email account. If you can manage it, use a tool that generates random passwords for every service you use, like 1Password or LastPass. Make sure your master password is good, and change it often.
3. Put a passcode on your phone. Without this, someone picks up your phone and they have access to your email in seconds.
4. Here's the most important thing. BACK UP THINGS THAT MATTER TO YOU. Honan freely admits that not having backups was his biggest mistake, and he lost all the pictures of his kid since birth, which is terribly sad.
Backups are your failsafe. Not just from hacking, but also from hardware failures, theft, flood, coffee, you name it. All hard drives will fail. Every. Single. One. When will they fail? Probably right now.
Automated backups are easy and cheap. Get a big external hard drive. Better yet, get two. I just bought another 3TB drive for $150. Now I have a backup of my backups of my backups, and I sleep better.
If you use a Mac, turn on Time Machine. If you use Windows, use their Backup and Restore feature. Then sign up for Crashplan, or Backblaze or some other cloud-based backup service. I personally use Crashplan, and I love it, but there are lots of alternatives. If you have other suggestions, please leave them in the comments.
Local backups are cheap and easy, and protect you from hardware failures, while remote backups (also cheap and easy) protect you from theft, fire, and that kind of stuff. You need both.
Get the best of the Mercury each week in your inbox!