Christopher Soghoian is a TED Fellow, and the principal technologist at the American Civil Liberties Union, where he monitors the intersection of federal surveillance and citizens’ rights. Before joining the ACLU, he was the first-ever technologist for the Federal Trade Commission’s Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix. Soghoian is also the creator of Do Not Track, an anti-tracking device that all major web browsers now use.

“There seems to be a new data breach in the news every week — a major company hacked, millions of usernames, passwords or credit card numbers stolen. There isn’t much that you, as an individual, can do to stop hackers from stealing the data you entrust to companies. However, there are some easy things you can do to significantly reduce the harm from such breaches.
- Outsource your passwords to a robot – The human brain can only remember so many passwords, not to mention we’re actually really bad at picking good ones. So, too often we just reuse passwords across multiple sites. This is a Very Bad Idea. Once hackers break into a website and steal a database of email addresses and passwords, they can then try to use those same passwords to log in to other sites. This is a huge problem, because so many of us use the same password for our Facebook, Google, Twitter and online banking accounts. The solution instead is to use a password manager, a software tool for computers and mobile devices, which will pick random, long passwords for each site you visit, and synchronize them across your many devices. Two popular password managers are 1Password and LastPass.
- Get a U2F key — and use two-factor authentication wherever possible – One other way to protect your accounts is to make sure that even if someone learns your password, they won’t be able to log in. To do this, you’ll want to enable two-factor authentication, an additional security feature that can be added to many online accounts. For some sites, this additional step can take the form of a random number sent to your phone by text message, or running a special app on your smartphone that generates one-time login codes. A relatively new, and even easier, form of two-factor authentication is a U2F security key, a device that looks like a thumb drive, which you insert into the USB port when you log in to an account from a new computer. These devices, which cost about $15, can be used to add a significant boost to the security of your Gmail account. Over the coming months and years, it is likely that other major tech companies will add support for the U2F token.
- Enable disk encryption – If you lose your laptop or your phone and it doesn’t have disk encryption enabled, whoever finds the device can get all your data too. On the iPhone and iPad, disk encryption is turned on by default, but for Windows, Android or Mac OS you need to make the effort to switch it on. It’s a big deal, essentially the difference between buying a new laptop (bummer) and having to put out an identity theft alert.
- Put a sticker over your webcam – There are software tools used by criminals, stalkers and generally creepy dudes that allow them to turn on your webcam without your knowledge. Granted, this doesn’t happen millions of times a year, but the horror stories are real and terrifying. One simple sticker means you use your webcam when you choose to use it.
- Encrypt your telephone calls and text messages – The voice and text message services provided by phone companies are not secure and can be spied upon with relatively inexpensive equipment. That means that your own government, a foreign government, as well as criminals, hackers and stalkers can listen to your phone calls and read your text messages. Some Internet-based mobile apps that you likely already use are much more secure, enabling you to talk privately to your loved ones and colleagues, and don’t require that you do anything or turn on any special features to get the added security protections — Apple’s FaceTime and WhatsApp on Android are both good. If you want an even stronger level of security, there is a fantastic, free tool called Signal available on Apple’s App Store.”