Most computer-minded people will have read all about Mat Honan’s ‘educational’ experience being hacked last week. He posted the full story over at Wired and it’s a must-read whether you’ve got your own backup strategies or not.
If you’re up to speed you’ll know there were a couple of key stages in the process where he could have either thwarted the hack or insured himself against the tragic loss of photos, and you can do these today:
- turn on two-step authentication on your Gmail account
- make backups of your data
There’s a few other tips that can make you that bit more secure online which we’ll come to shortly.
Of course, unless you’ve already been touched by the God of Hard Drives Dying Inexplicably (in which case you’ve already seen the errors of your ways and are just looking for new and geekier ways to protect yourself) it’s possible yet another post like this won’t make you take the potential for disaster any more seriously, despite a spate of them cropping up all over the web this week like babies nine months after a power cut.
Your password’s tight; your computer’s only a year old; if you were a movie character the last we’d see of you would be “I’m just going to go wander into the woods at night all alone, I’ll be right back…”
Okay, if you say so! -> INSERT BIG SMILEY FACE OF IMPENDING DOOM HERE <- For the rest of us, let's get stuck in.
Two-step authentication of your Google login
If you have a Google account (for Gmail, Reader, etc) and haven’t turned this on yet, it’s dead easy so do it today.
Now whenever you log in to Google in the browser you will need to enter both your password and a six digit code that Google sends via SMS, and you can choose to permanently trust that computer if it’s your own.
Android, Blackberry and iPhone users can download the Google Authenticator app (available from the iOS App Store here) so that even when you’re unable to receive a text message you can still generate a code. And just in case you lose your phone you can print off a set of one-use codes to keep in your wallet.
If you connect to your Gmail or Google Reader account with third party apps like Apple Mail, Reeder or NetNewsWire, there’s no opportunity to enter this numerical authentication code. Instead, you’ll need to generate new application-specific passwords at Google, and then replace your regular password with the new ones in those apps. This way if you lose your phone, say, allowing a thief to read your email without a login from the mail app, you can cancel specific passwords and remotely lock out compromised apps.
Backing up is easy
It is incredibly simple to start backing up, despite how dumb you may think you are with computers. There are two principal ways of going about it:
- local backup (in your house), using an external hard drive
- off-site backup (not in your house), either using secure online storage or keeping an external hard drive at someone else’s house or your workplace for example.
Yes, you’re going to have to spend some money but neither a backup drive nor a backup service is expensive enough to make it worth the risk of losing everything forever. If you can afford a computer, especially a Mac, you can afford to back up.
If you’re still sitting there thinking, “But I haven’t needed one before and my computer is fine”, trust me when I tell you: hard drives can fail at any time with no warning, even one you bought yesterday. One morning in 2007 my Powerbook started grinding like a coffee machine; by that afternoon it was unbootable and I had no backups; years and years of photos, all gone; many tears were shed. In the end I managed to recover an incredible 97% of my photos using Data Rescue but not having a backup is inconceivable now.
Backup case study: me
I back up to a few places just to be sure:
- Local backups with SuperDuper!: every night my iMac and the external drives I use for media and archived photos are automatically backed up to another external drive using SuperDuper!, a $28 third party app that can create bootable clones of your Mac on an automatic schedule. That means if my computer dies I can connect the backup to my laptop and boot from it (hold down Alt when you power up until you get asked which drive to boot from), essentially putting me back in front of my main machine straight away.
- Off-site backups with Backblaze: this is the cloud service I chose; others are available (such as Carbonite and Arq) but Backblaze works for me. Unlimited storage for one computer and as many connected drives as you have will cost you – wait for it – just $50 a year. That’s £32; you have no excuse! After the initial background backup of your selected data, all subsequent backups will happen throughout the day whenever you change or add data to your system. You turn it on in Settings and then you forget about it until you need to re-download lost data from their site or have them send it to you on a drive (for a fee).
- Sync across machines with Dropbox: although Dropbox offers a basic service for free, I pay for a 100GB account which stores my entire Documents folder, my iPhoto library, all my website data, whatever I’m working on (such as a recent photoshoot or iMovie project) and anything else I want to sync automatically to my Macbook from my iMac and vice versa. I don’t rely on it like a backup service, but it’s yet another copy of some of my most important data with practically no effort on my part.
This combination gives me instant access to my files via the local backup if a drive fails, and online access to my files should the local backup fail or be lost at the same time.
For Mac users, one service may be notable by its absence in the list above: Apple’s own Time Machine, which comes with all new Macs and has been built into OS X since Snow Leopard. Time Machine is a breeze – you plug in a drive, flip a switch in Settings, and you’re done.
It works differently to SuperDuper! in that it copies all your data, including changes and additions, in the background while you’re working. It also keeps older copies of your data rather than overwriting it with new versions, just in case you need to ‘roll back time’ and dig out an earlier version, hence the name.
For this reason if you’re going to use it you should buy a drive with a higher capacity than your computer, so that it has space to store as many older versions as possible. Once it runs out of that space it starts deleting the oldest versions to make room.
The only reason I don’t use Time Machine is because you can’t boot from a TM backup or attach it to another computer and work with the files it contains from the drive; you can only use it to copy data back onto a Mac. That’s no good for me because if my iMac goes down I don’t want to have to wait to get a new one before copying everything back; I want to plug my Macbook Pro in, boot from the backup of my recently perished computer and be back in action immediately.
But that’s me and my quirks. If you’ve got a Mac with Time Machine built in and you don’t have any other backup system, buy a drive today and get going.
What external drives should you get?
A lot of my digital stuff is irreplaceable original creations (photos, movies, music, writing, that sort of thing) and much of that is also work related, so I wanted the best drives I could afford. I used a cheap Western Digital MyBook for a while but didn’t like the plasticky build quality or the occasional errors I was getting, so I asked some professionals what they used and was recommended Lacie Quadra drives. They are not cheap, but they are built like tanks and I trust them.
I now have three under my desk – two are used for archived data I don’t want to keep on the iMac itself and the third is partitioned to hold backups of the other two and the iMac. You can buy some at Amazon USA, and Amazon UK.
As a creative professional I know I should be looking at larger capacity RAID-type backup systems but at the moment I don’t have the volume of work or data that necessitates the dive into that seething quagmire of options; I’m kind of grateful for that!
Other best practices for online security
With two-step Google authentication and a backup system in place you’re in much better shape, but you can always do more:
- use different passwords for everything and use an app like 1Password to remember them (available on the Mac App Store, and the iOS App Store); other such apps are available but 1Password is the one I use and I highly recommend it.
- for goodness sake, do not use ‘1234’ or ‘password’ or ‘opensesame’ or your date of birth or your surname or anything else that easy to guess or research for any of your passwords, ever. Seriously consider getting 1Password to remember harder, unique passwords
- if you use Facebook, they also have a two-step authentication process you can activate
- don’t use a publicly visible or guessable email address to send ‘password recovery’ mails for your main account. Instead, create a secret account with a hard-to-guess name and use that as the recovery address for your email and as many other sites as you can – if your main account is compromised you don’t want passwords to be reset on all the other services you use
- don’t link accounts together using a common login – hackers were able to access both Mat’s and Gizmodo’s Twitter because Mat had linked his own Twitter login to the Gizmodo Twitter login when he worked there. Once his own account was accessed, Gizmodo’s was too.
- you’ve probably given your Twitter and Facebook logins to a lot of apps and sites over the years. Use the Twitter and Facebook security pages to review them and cut off any you don’t use any more
- set up a passcode on your iPhone, and use Restrictions (under Settings – General) to lock down Location, Accounts and Find My Friends, using a different passcode to the one you set to unlock the phone itself. This way even if someone gets past the Unlock code they won’t be able to change any of your location-tracking settings; they can just turn the phone off or go into Airplane mode of course but until Apple requires a passcode for that too there’s nothing you can do about that.
Useful links collected
That’s everything I can suggest for now. You probably, hopefully, won’t ever be hacked, but a small amount of time and money spent today will be worth it in spades for the peace of mind alone.
Here’s all the relevant links from above:
Google Two Step Authentication – ensures it’s really you logging in to Google
Google Authenticator for iPhone – for when you don’t have network coverage (Android and Blackberry versions also available)
Backblaze – effortless, unlimited cloud backup for your computer and drives (for Mac and PC)
SuperDuper! – set up scheduled, bootable backups for your Mac
Dropbox – sync your most important files online (for Mac, PC and Linux)
Time Machine – learn about Apple’s backup application built right in to OS X.
Data Rescue 3 – incredible software that can recover almost any data, even from unbootable hard drives (for Mac and PC; incidentally the best $99 I ever spent back in 2007)
NB: some of the above links are via affiliate schemes that earn me a few pennies per paid transaction or in the case of Dropbox some extra capacity per sign-up; however, I personally use everything I’ve linked to on a daily basis and I highly recommend each regardless of any such rewards, and you can take that to the bank.
(whatever that means. That’s good, right?)