The paranoid's guide to digital security from hackers

Simple, powerful ways to protect yourself from hackers using two-factor authentication, password managers, and, well, sticky notes

Published: February 09, 2015 03:15 PM

If you’ve followed the news about Anthem insurance, Chick-fil-A, Sony, and Home Depot, it can seem like cyberattacks only happen to corporations, but in reality hackers also target individuals. At home, you’ve got to take on the role of IT department and security chief—and it pays to be paranoid. Some of the following tactics will be familiar, while others may be new to you. But they are all easy to execute. And taken together, they will dramatically boost your personal data security.

1. Enable two-factor authentication

Many password-protected websites offer two-factor authentication (or 2FA), and you should take advantage of it. Then, when you want to log into your account, the website will require a second way to verify your identity, in addition to your password. Most commonly, the website will text or email you a one-time code to enter. Two-factor authentication is good because even if a bad guy gets hold of your banking password, he won’t be able to access the account unless he also has the second method of verification. Check this list of companies that employ 2FA—it could help you decide which online services to use.

Recently, Google started offering another kind of two-factor authentication, called Security Key. You purchase a small key fob that fits into a computer’s USB port. To log into your Gmail account, you type in your password as usual, and also push a button on the device. It’s more convenient than getting a verification code by text message and copying it into your browser. There’s also a potential security advantage, according to Dan Guido, the CEO of Trail of Bits, a digital security contractor. With conventional 2FA, “An attacker could set up a fake website and get you to enter the verification code there,” he says. “The security key is a phishing-proof second factor.” These key fobs conform to an open standard called FIDO Universal 2nd Factor (U2F). They work with Google accounts and not much else so far, but the standard will probably become more widely implemented.
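Why a security key holds up against a look-alike site when a texted code does not, as an added sketch that is not from the original article or from Google. It assumes a simplified model: the class names and site names are constructed, and HMAC-SHA256 with a key shared at enrollment stands in for the ECDSA signatures real U2F tokens use.

```python
import hashlib
import hmac
import os

REAL_ORIGIN = "https://accounts.example.com"    # constructed site name
PHISH_ORIGIN = "https://accounts-example.test"  # constructed look-alike
TEXTED_CODE = "492817"                          # constructed one-time code


class SecurityKey:
    """Toy stand-in for a U2F token (hypothetical class, not a real API)."""

    def __init__(self):
        self._device_secret = os.urandom(32)

    def _site_key(self, origin):
        # One key per origin, so a look-alike site gets a different key.
        return hmac.new(self._device_secret, origin.encode(), hashlib.sha256).digest()

    def register(self, origin):
        return self._site_key(origin)  # the server stores this at enrollment

    def sign(self, origin, challenge):
        # The browser, not the user, supplies the origin it is actually on.
        msg = origin.encode() + b"|" + challenge
        return hmac.new(self._site_key(origin), msg, hashlib.sha256).digest()


class Server:
    def __init__(self, origin, key_secret, otp):
        self.origin, self.key_secret, self.otp = origin, key_secret, otp

    def check_otp(self, code):
        # A texted code carries no record of where the user typed it.
        return hmac.compare_digest(code, self.otp)

    def check_key(self, challenge, response):
        msg = self.origin.encode() + b"|" + challenge
        expected = hmac.new(self.key_secret, msg, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def simulate(visited_origin):
    """The user logs in at visited_origin; both factors reach the real server."""
    token = SecurityKey()
    server = Server(REAL_ORIGIN, token.register(REAL_ORIGIN), TEXTED_CODE)
    challenge = os.urandom(16)
    response = token.sign(visited_origin, challenge)
    # Returns (texted code accepted, security key response accepted).
    return server.check_otp(TEXTED_CODE), server.check_key(challenge, response)
```

`simulate(REAL_ORIGIN)` returns `(True, True)`, while `simulate(PHISH_ORIGIN)` returns `(True, False)`: the code typed into the wrong page still verifies, but the key's response is tied to the address the browser was on and the real server rejects it.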


2. Encrypt your hard drive

Not all security hazards reside online. If an unsecured laptop is stolen, the thief could acquire medical correspondence, private photos, and more—no hacking necessary. This happened recently to a friend of Chris Soghoian, the principal technologist for privacy issues at the ACLU. “His laptop was stolen from his car,” he says. “In addition to all the stress of losing his photos and personal documents, he had to worry about the data that was stolen. He had tax documents on there.” Encrypting a hard drive takes just minutes, if that long. Windows 8.1 devices are encrypted by default when you set them up using an administrator login. (Older Windows operating systems employ an optional feature called BitLocker.) On a Mac, turn on FileVault, which can be found under the Security & Privacy settings. Just make sure to remember the password and store the recovery key somewhere safe.

3. Use a password manager

The concept is straightforward: You sign up for a service that generates and stores a unique, strong password for each of the websites where you need log-in credentials. You can do that yourself if you have a savant-like memory for numbers, but in all likelihood you don’t. Then, you just need to remember one excellent password in order to access the service. Yes, you may ask, but what if the password manager gets hacked? Not to worry, says Chris Soghoian. “Password managers encrypt their data, so these services are safe. And, ultimately, in 2015 it’s not a good idea to use the same password for more than one website. That effectively means that you have to outsource the task.” Guido does worry about hackers, but he agrees that a password manager is a vital security tool. He employs a service called 1Password and stores the data solely on his own laptop—he doesn't activate the option that allows users to sync 1Password with other devices through Dropbox or iCloud.

4. Put a sticky note or tape over your laptop webcam

This advice may seem paranoid, but the truth is, webcams can provide an easy-to-access window into your home. In 2014, a California 20-year-old named Jared James Abrahams was sentenced to 18 months in prison for hijacking the laptops of young women, including 2013’s Miss Teen USA, Cassidy Wolf, and using the pictures he captured in attempted blackmail schemes. If your camera has been turned on, you probably won’t know it. While many laptops include an LED that indicates when the camera is functioning, these can be disabled remotely. That’s particularly easy on Windows laptops. An advantage of Macs is supposed to be that their webcam lights are hard-wired to the camera, which should mean that the camera can’t get power unless the light is also on. However, Wolf was using a MacBook when she was targeted, and in 2013 researchers at Johns Hopkins University documented a way to disable the light on at least some MacBooks and iMacs. The only sure way to protect yourself is to physically block the camera.

5. Update your equipment

Security consultants say that any computer more than five years old is inherently insecure. In particular, Windows XP is a dangerous OS: Microsoft is no longer updating that product to fix security holes. “There’s no way to secure Windows XP,” Soghoian says. “Use a modern operating system. They update automatically.” Generally, run the latest operating system and Web browser that your computer will support. The rule is that any piece of software that’s brand-new to consumers is also unfamiliar to the criminals who want to break into it.

—Jerry Beilinson
