Preventing a Honan-style Security Breach

I have already posted the truly frightening story about how Mat Honan had his identity stolen and the criminals used his accounts to wipe his Apple laptop, iPad, and iPhone and hack his Twitter account for spamming.

PCWorld has a terrific article on how to harden your own security environment to prevent the same thing from happening to you.  Some of the great ideas are summarized below, but I recommend that you take a minute to read the full article.

Here are a few things you can do:

  • Create a special single purpose email address for resetting passwords on online accounts, and don’t use the one you use for everyday emailing.
  • Turn on two-factor authentication anywhere you can.  Google has two factor authentication, and so does DropBox.  Look for this to be offered by everyone eventually.
  • Do not use the same email user name across accounts.  So if you have a Gmail account and a Yahoo account for instance, don’t be bob1263 at both of them.
  • Do not store credit cards at online retailers.
  • Do not link your online accounts.  Using Facebook to log in everywhere means that if your Facebook account is hacked, all the other linked accounts are up for grabs too.
  • Do not use weak passwords across your accounts.  Even strong passwords used on multiple accounts means that if the bad guys figure out one, the rest will fall.
  • Use a password manager program such as KeePass or LastPass.
  • Do not store passwords on your mobile device.  I know this makes it harder to log onto your accounts with your smart phone, but if you lose your phone, your passwords are available to the finder.
  • Ditto for your laptop or PC, do not let Windows or your web browser store your online passwords.

Take a minute to review your security and make the changes that are necessary.  You won’t regret it.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.