Three powerful forces have come together to dismantle the privacy of U.S. citizens.
First, government programs and regulations have formed the foundation of a massive tracking grid for all individuals. The government has passed laws that give it sweeping “snooping” authority. It can now legally peer deeper into our daily lives than ever before.
Second, corporations collect huge amounts of our personal data to aid in marketing. The government can also force them to hand over customer records. In essence, banks, Internet service providers, airlines, car-rental agencies, cellphone companies and more have become proxy agents of the government’s domestic intelligence apparatus.
Third, we live in a hyper-connected technological age. Smartphones, “cloud” computing and credit cards have made it easier than ever to rob someone’s resources — even his or her identity. This provides unprecedented opportunity for crooks to use your data against you.
This “new” America is a dangerous place. But there are simple steps you can take to protect yourself and your family. I’ll share several with you today.
In a recent Wired article, one of the magazine’s senior writers described how a hacker “dissolved” his online data:
“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”
Among the casualties in this “digital massacre” were all the digital photos he had of his daughter’s first year of life.
The hacker exploited a weakness in Apple’s security measures. But as the writer discovered, he could have prevented the worst of the damage.
The No. 1 way people’s accounts are hacked has nothing to do with the actual password. It has everything to do with the password “recovery tools.” These are the systems that email providers and online stores have in place to help you if you’ve forgotten your password.
It turns out, every day, folks are providing hackers an easy way to exploit these recovery tools. They’re signing credit card receipts.
Credit card receipts “X out” all but the last four digits of your credit card number. You may think this provides a strong degree of security. Think again. In Apple’s case, the recovery tools require the last four digits of the credit card linked to the account and the account holder’s billing address.
Addresses are easily obtainable via public record searches. Combine this with the last four digits of a credit card and, voilà, you have taken over access to someone’s AppleID. And it’s not just Apple that works like this. Any number of corporations have similar programs.
But there is a solution.
From now on, whenever you use your credit card, always black out the last four digits on your receipt. Do this on the business copy as well as your own. If anyone hassles you, explain you have a legal right to do so. The digital transaction has already occurred; you are just keeping your personal data private.
Another major weakness in password “recovery tools” is the use of “security questions.” These are often mundane questions like “What town were you born in?” or “What is your mother’s maiden name?”
A simple search of public records and social networking sites (like Facebook) should yield these answers. At the very least, it will give a hacker a short list from which to deduce the correct answers.
But there is a solution.
Do not supply answers to these easily identifiable questions.
If you’re given the option to choose your own recovery question, make it a tough one. Make it nonsensical. Make it something that only you would know. And if you have no choice but to use the stock questions provided, give false answers.
For example, if the question asks for your mother’s maiden name, make up a name like “MacSmithowitz.” Keep the answers written down on paper (never in digital form) in a secure location that only you can access.
Finally, the biggest “recovery tool” weakness is your primary email account. That’s because on the Internet, all “roads” lead to your email address. It’s the nexus of your online environment.
A hacker with access to your email can immediately gain access to your other accounts by resetting their passwords. (The confirmation emails for these are sent to your primary account, which he now has control over.)
He can also change the password and shut you out from it; peruse financial data and gain partial account numbers, like the last four digits of your credit card and Social Security numbers; rummage through all your private data, including photos, videos and more; gain access to your cloud-based files and devices; and delete things of value to you.
This is exactly what happened to the Wired writer.
But there is a solution.
First, never “daisy chain” your passwords. This means do not use the same password for every account you own. A compromise of one means a compromise of all.
Also, never select “remember me” or “keep me signed in” on your email website. (This allows others who use the same computer to access your email without needing a password at all.)
And if it’s offered, always use “two-factor” authentication. For example, in order to log in, you might need your password plus a code sent to an alternate email or mobile device that is associated with your account.
All these steps may take a little extra time and effort. But think about it this way. Let’s say you own a rare, jeweled necklace. Would you leave this out on a table in your front yard, just so others could admire its beauty? Or would you take steps to keep it safe?
In the modern age, your personal information is more valuable than exquisite jewelry. And the strategies I showed you today are a few easy ways to keep it safe. You should put them into practice immediately.
Here’s to our health, wealth and a great retirement,
—Dr. David Eifrig
P.S. This is just a small sampling of the privacy techniques I’ve been researching recently. I’ve also figured out a way to make sure no one can track what you are doing online, for example. And I even learned a very clever trick supposedly used by terrorists and cheating spouses to send messages that can never be traced, even if someone has access to your email account. To learn more of these techniques, see my full presentation here.
This article originally ran on Monday, Dec. 24 at DailyWealth.com.