In my prior post on this subject, I wrote about how I, a relatively security-conscious and tech savvy individual, became a victim of Russian hackers. As you’ll recall, both of my Apple devices (an iPhone and an iPad) were taken over via iCloud. I had to erase both devices to regain control. The phone was relatively easy, as I wiped it via cell connection, but the iPad was a bit more of a challenge because I had to plug it into my computer and erase it through recovery mode.

Anyway, though it wasn’t the absolute worst thing to have happen (seriously, everyone, backups are so, so important because they give you the power to disregard the hackers and regain control of your devices on your terms, not some nasty extortionist who wants to get money out of you), it was annoying. All in all, I spent several hours temporarily freaking out about it, researching it, and then actually performing the steps that allowed me to regain control. Obviously, I want to avoid this happening again, so here are some tips that will (hopefully) protect you.

  • Change passwords. I know, I know, it’s a huge pain… but if you reuse passwords, as I and probably the rest of the world does, it’s a good idea to change them every so often. Remember, just because a company gets hacked doesn’t mean they’ll openly admit it. I have yet to find anything from Apple admitting to being hacked, but I am very certain this breach came directly from Apple. So, an occasional change can’t hurt.
  • Delete old accounts. This isn’t the most helpful tip, I admit, but I try to keep the amount of online accounts I have to a minimum. More accounts out there equals more opportunities for hacking and stolen passwords. If I end up abandoning an account and cannot delete it myself or get it deleted—cough*Skype*cough—I change the email address to one I don’t use and the password to something I don’t use anywhere else so it doesn’t matter if it’s stolen. I know people accumulate a rather alarming amount of online accounts nowadays, so what I do is keep a little list of where I’ve signed up. It doesn’t have any sensitive password information, but it’s a lifesaver when you want to make sure you’ve changed all your passwords.
  • Enable two-factor authentication. This is my secret weapon right now. It’s been around for a while, so some of you might use it, which is great. For those who are unfamiliar, two-factor authentication requires you to enter something more than a password to log into your accounts. Usually you give your phone number, verify it with the account by entering a code texted to you, and when you log in in the future, you have to enter a code received by text message. The logic is if someone stole my iCloud ID and password again, for example, they wouldn’t receive the code Apple texts to me, which would keep them out of the account. However, I would receive the code and realize it was from an unauthorized attempt to get into my account. Remember, you won’t receive codes unless you go to log in to your account. The hackers took control of my devices around 2:00 am local time, so that would have been a pretty obvious red flag to me if I’d had this enabled and received a code from Apple when the Russians tried to get in.
  • Now, two-factor authentication isn’t perfect. It can be annoying at times, like if you didn’t have your phone sitting right beside you as you logged in. Also, you have to write down or print out codes to use in the event that your phone isn’t working or you don’t have cell service or whatever, and yes, these codes are one more thing to keep track of. It’s a pain, I know. Plus, Apple just gave me several frightening details when I went to turn on two-factor authentication, informing me that if I forget my password, I need to have access to my email AND phone, otherwise the account is lost forever.
  • And finally, my last point on two-factor authentication: not every website offers it. In fact, most do not offer it. A lot of the sites I use don’t have it. The big companies, like Apple, Google, and Twitter, all have it, but Pinterest and Goodreads don’t. I don’t know if Amazon does, as I’m trying to figure that out. WordPress has it (and it is protecting this very blog right now!). Some of the large banks have it, but not all banks in this country do. I don’t know if my company has it or not. If they don’t, maybe I need to suggest implementing it to the cybersecurity department. The point is, you’re bound to have some online accounts that don’t offer it.

Anyway, I hope that helps. I have a feeling I may have made your lives more complicated. I know mine is more complicated now! I’m still a bit shocked the whole hacking thing happened. You never think it’s going to happen to you—until it does. Seriously, back up your devices to iCloud or whatever you use and make sure your accounts are secure. Trust me, you don’t want to wake up one morning and have all your devices taken over.