Hacking Prevention 101: Where Zuckerberg went wrong

Steve Weisman
Special for USA TODAY

What do Mark Zuckerberg, Colin Powell, Warren Buffett, Steven Spielberg, Oprah Winfrey and Jennifer Lawrence have in common?  Along with being intelligent and successful people, they also all have been the victims of identity theft or hacking.

While not all targets of identity theft contribute to their becoming a victim, in many instances, such as the recent hacking of Zuckerberg’s Twitter and Pinterest accounts and the 2014 hacking of Lawrence’s nude photos from the cloud, the victim’s own failure to follow simple security measures substantially led to his or her downfall.

Sometimes it seems the task of protecting your privacy and security can be overwhelming. But the truth is, by taking some basic precautions, you can take this overwhelming task and not only make it merely whelming (which isn’t a word, but should be) but even make it comfortably manageable.

Shakespeare said that the fault is not in the stars, it is in ourselves. We should both heed and update this admonition to say that the fault is not in our computers and smartphones, it is in how we use these technologies as well as other, nontechnical aspects of our lives.

So what should you be doing that you may not be doing now?

It appears Zuckerberg’s Twitter account was susceptible because he made the mistake of using the same password for multiple accounts. So, when his password was exposed following a data breach at LinkedIn, all of his accounts were in jeopardy.

Zuckerberg got off lightly.  What if the same password were used for his online banking?  It is imperative that you have a unique password for each of your accounts so that if one account suffers a data breach your entire online life is not in danger.
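To see how far one leaked password reaches, the following added example (not part of the original column) audits a password-manager export for reuse. The CSV layout, the sample accounts and the function names are assumptions constructed for illustration.

```python
import csv, hashlib, hmac, io, secrets
from collections import defaultdict

# Constructed sample of a password-manager CSV export (site,username,password).
SAMPLE_EXPORT = """site,username,password
linkedin.com,alex,Correct-Horse-42
twitter.com,alex,Correct-Horse-42
pinterest.com,alex,Correct-Horse-42
bank.example,alex,v9#Tq2!mLw0z
mail.example,alex,r7$Kp1@xNd5c
"""

def reuse_groups(export_text):
    """Return sorted lists of sites that share one password."""
    # Per-run random key: the index holds keyed digests, not the passwords.
    key = secrets.token_bytes(32)
    groups = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        tag = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        groups[tag].add(row["site"].lower())
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def exposed_by_breach(export_text, breached_site):
    """Other sites put in jeopardy if breached_site leaks its password."""
    breached_site = breached_site.lower()
    hit = set()
    for sites in reuse_groups(export_text):
        if breached_site in sites:
            hit.update(sites)
    hit.discard(breached_site)
    return sorted(hit)

if __name__ == "__main__":
    for site in ("linkedin.com", "bank.example"):
        print(site, "->", exposed_by_breach(SAMPLE_EXPORT, site))
```

In the sample, a breach at the first site puts two more accounts at risk, while the accounts with unique passwords expose nothing else.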

So how do you do this in a simple manner?

A good way to pick a strong password is to take an easily remembered phrase as your base password.  For instance, you can use the phrase IDon’tLikePasswords as your base password.  Add a couple of !! at the end of the password and you have a strong password not easily susceptible to password cracking software.

Now you can adapt that base password to create unique passwords for all of your accounts by merely adding a couple of letters at the end of it to identify the particular account. For instance, your bank account password could be IDon’tLikePasswords!!Bnk.

But Zuckerberg’s universal password was not his only mistake.  Twitter offers dual factor authentication which neither he nor many people use.  With dual factor authentication, when you enter your user name and password to access an account on your computer, smartphone or other portable device, a one-time code is sent to your smartphone for you to enter before you can get access to the account.  Thus, even if someone had stolen your username and password, they would not be able to access your account because they would not have access to the one-time code.
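The one-time-code login described above, sketched from the service's side as an added example (it is not from the column and is not Twitter's or Apple's code). The class name, the five-minute code lifetime and the five-guess limit are assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 5   # wrong guesses allowed per code (assumed value)

class TwoFactorLogin:
    def __init__(self, clock=time.time):
        self.users = {}    # username -> (salt, password_hash)
        self.pending = {}  # username -> [code_hash, expires_at, attempts_left]
        self.clock = clock

    def _hash_pw(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash_pw(password, salt))

    def start_login(self, username, password):
        """Factor 1: check the password, then issue a fresh 6-digit code."""
        rec = self.users.get(username)
        if rec is None or not hmac.compare_digest(
                rec[1], self._hash_pw(password, rec[0])):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self.pending[username] = [digest, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        # A real service delivers this to the phone, never to the browser.
        return code

    def finish_login(self, username, submitted):
        """Factor 2: True only for the correct, unexpired, unused code."""
        entry = self.pending.get(username)
        if entry is None:
            return False  # password alone never reaches this point
        code_hash, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[username]
            return False
        entry[2] -= 1
        ok = hmac.compare_digest(
            code_hash, hashlib.sha256(submitted.encode()).digest())
        if ok:
            del self.pending[username]  # single use: a replayed code fails
        return ok
```

Someone holding only the stolen username and password can pass `start_login` but has no code to give `finish_login`, and the guess limit keeps the six digits from being brute-forced.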

Jennifer Lawrence’s photos were stolen not because of a security flaw in the cloud, but because she failed to follow some basic security steps. It started when she provided her username and password to a hacker who sent her a spear phishing email posing as security for Apple and asking her to confirm her information. She did, and thereby turned over the keys to her iCloud account to the hacker.

The simple rule to follow is never to provide usernames, passwords, Social Security numbers, credit card numbers or any other personal information to anyone who calls you, texts you or emails you until you have independently confirmed that the request for this information is legitimate.  The risk of turning over this information to a criminal is too great.  However, even after she turned over this information to the hacker, she still would have been safe had she used the dual factor authentication provided by Apple for access to iCloud accounts.

Many cybercrimes, both the spectacular — such as the hacking of Sony and Target — as well as the everyday,  can be traced back to "spear phishing." That's where someone receives a legitimate-looking email and is lured into either providing personal information or clicking on a link that downloads malware to a computer or smartphone.

Cybercriminals can appear totally legitimate by mentioning personal information that would induce the victim to trust the email. Diligent crooks get this information not just from public databases, but also from victims themselves. Often, cybercriminals pore over their targets' social media for personal information that can be leveraged into getting them to fall for particular spear-phishing communications.

It may be nice to have many people respond with birthday wishes on your Facebook page when your birthday rolls around and your “friends” are notified by Facebook that it is your birthday. But it also makes you more likely to trust an electronic birthday greeting card that comes infected with malware.

Less is more.  We all should be more circumspect about the multitude of personal information we make available through social media that can come back to haunt us.

Following these simple steps and some others I will tell you about in my next column in two weeks can help keep you safer from identity theft.

Steve Weisman is a lawyer, a professor at Bentley University and one of the country's leading experts in scams and identity theft. He writes the blog scamicide.com, where he provides daily updated information about the latest scams. His new book is Identity Theft Alert.
