How to Stop Hackers Even If You Suck at Computers: 5 Easy Changes
There’s a false assumption that older people are less technologically inclined, but for my grandmother, that’s simply not true.
In her mid-eighties, she uses a smartphone, sets up IoT devices, controls her TV from an app, and sends me text messages accompanied by an emotive sticker which she crafted to look exactly like herself. Every time she sends it, it’s doing something different: drinking coffee, holding a glass of wine, watching TV. It’s uncanny.
She still, however, despite being one of the best examples I can refer to when I think of the technologically inclined, was hacked once.
She received the typical notification on her phone. Most of us have seen it at least once in our lives. If it was that specific it would have likely said, “You just bought a leather sofa, a beer keg, a 1950s vintage penny collection, and a lamp all at once, and we think those purchases might be excessive for you.”
She called the bank and told them to freeze her account. Fortunately, they gave her all her money back.
After that, several days went by and I still had had no idea what had happened.
“I love you grandma,” I texted her randomly. It was a weekend, and I was just feeling appreciative. I added a heart emoji.
“Was that text message really from you?” she replied. “Doesn’t sound like something you would say.”
I paused, my thumbs hovering silently over the keyboard.
I whispered to myself. “Oh god, wait, how long has it been since I told her I love her? What kind of terrible person am I?”
A few hours later, my father informed me of what had really happened. He said that she wasn’t suspicious because I told her I loved her, but that because she had gotten hacked, she was receiving sketchy text messages on her phone from someone pretending to be people in her contacts. It was because I had included a red heart emoji, which I almost never do because my soul is dark and cold, so she got suspicious.
“Why didn’t she tell me earlier?” I asked my dad. “I could have helped her.”
I called her up. She said she hadn’t told me because she didn’t want to bother me about it. I told her I’d help her at any time, and then we went through the typical list of questions to try and figure out where the attack came from. After we did, I asked her about two-factor authentication.
“Do you have that enabled?” I asked. (Two-factor authentication is when your account sends a text message to your phone, and you have to verify it to login. Also called 2FA.)
“No,” she replied. “I don’t.”
When I told her that it was probably a good idea, at least for her email and the handful of her financial accounts, she argued, “But I don’t know how, and I don’t feel like doing it.”
“What do you mean?” I asked. “You just go in there and you click a few buttons.”
“I don’t feel like doing it,” she reiterated.
“But they almost stole your money,” I argued. This had already been going for ten minutes, and I should have just given up. “You don’t even know how much money they would have stolen if you hadn’t called the bank. Don’t you want to stop them from doing it again?”
“Oh, don’t worry. They’re still not getting my money,” she said firmly.
I visualized her at her desk, typing aggressively on her keyboard and sending an email to her hacker titled in all caps.
“YOU WILL NOT GET MY MONEY DO NOT TRY I WILL FIND YOU AND HIT YOU WITH BASEBALL BAT” — Grandma.
And then to the bank.
“IF YOU GIVE ANYONE ELSE MY MONEY I WILL COME TO BANK WITH BAT THAT I HAVE” — Grandma.
“I’ll take your word for it,” I said, and just left it at that.
Defending yourself online is laborious, even for people who are very knowledgeable about computers. That’s why it’s tempting not to try.
“Who’s going to hack me?” is the question most of us ask. “I don’t have anything of value.”
I mean, I get it. But even if you think you don’t have anything important, you can be used as a gateway to hack into your workplace, your household, or even someone you know. And I know it may be hard to believe, but all your personal data is important. And, obviously, money.
There are five easy, major things that you can do to stop hackers.
Some of them might require multiple steps, but all of them are easy, and all of them are worth it. If you do nothing else, do these five things.
Step 1: Don’t Click on Links in Emails, Text Messages, or Ads (If You Can Help It)
Some of the worst, most costly hacks in the world, where criminals have stolen millions of dollars from banks, have occurred because one person in a company clicked on one bad link in an email.
Fake emails can look exactly like real emails from real companies these days, so it’s best to just avoid clicking anything inside of them at all. Even if you check who sent it, you still can’t be sure. You also shouldn’t hover your mouse cursor directly over the link to see where it’s going, because you may actually accidentally click it, which is what I’ve done.
If you get a notification that you need to check your account, always go to the official website by typing it into your browser.
(Oh, and don’t click on ads, either. It doesn’t matter what it’s for. Ads are notorious for having all sorts of creepy stuff lurking behind them.)
Remember, just one bad click can have really bad consequences.
Step 2: Enable Multi-Factor Authentication
This is a must. Even if an attacker finds out your password and logs in, 2FA might still be able to stop them. If you do nothing else, do this.
SMS text message 2FA, however, is not as secure as I’d like it to be. That’s because SMS authentication can be spoofed or faked.
The best, user-friendly thing you can do is use an authenticator app. This is an app you can download to your phone and pair with your online accounts, and it’ll send you a notification when someone wants to login. You’re usually presented with an “Accept” or “Reject” button, and it’s that simple, like receiving a phone call.
The best one to use right now, in my opinion, is Google Authenticator. There’s also Bitwarden, which is open source, and LastPass, which is paid but more user friendly.
Make sure to test a few of them out first, because once you stick with one, it’s hard to switch over.
(The way you set this up might look confusing, but most websites have easy guides. For more information on how to use Google Authenticator as an example, click here.)
Step 3: Don’t Go to Weird Websites or Download Weird Software
Don’t go to random websites if you’ve never heard the name before. Especially if they have weird combinations of letters and numbers. If you’re not sure, you can google the website and see what comes up.
Also don’t find random programs on the internet and download them. Just don’t. I know it looks cool, and I know it’s just supposed to clean all the bad files on your computer, or whatever, but are you sure? These are often disguised as malware.
Only download programs that have a high reputation and trust, and always get them from their official website.
Step 4: Disable Security Questions
One of the easiest ways to hack your account is for an attacker to guess your security questions. These have obvious answers that might be easily guessed based on information on your social media profiles, like what town you grew up in or what your favorite food is.
At best, disable them entirely and replace them with 2FA.
At the very least, make the answers unguessable and don’t include words. When they ask you what your favorite food is, pretend you’re a robot that doesn’t understand English. Use something like “5j92dg34s&!f” as your answer.
Well, don’t use that one now, because it’s public.
Step 5: Make Passwords With 12–16 Characters and Non-Predictable Patterns
“But how the hell do I remember those?” — Everyone.
We’ll get to that in a moment.
Another one of the common ways you can be hacked online is by having basic, easily guessable passwords. The worst password ever is “password.” Equally as bad are short ones with one word and some numbers. The second worst type are two words, numbers, and then a symbol.
You don’t want passwords that fall into predictable thinking patterns.
You may believe that “penguin365@” is fooling hackers, but it isn’t. Your password “BestSummer2022!” isn’t fooling anyone either. That one is actually one of the worst, too.
When credentials get leaked from websites, which they often do, hackers download encrypted password collections and try to crack them. Computers can guess those password combinations and patterns millions and even billions of times per second.
Remember, hackers know how people think when they make passwords.
That’s why the best passwords are long and totally random mixtures of letters, numbers, and symbols.
And how to remember them? You don’t.
Password manager applications sit on your phone or in your browser and let you generate complex passwords with the click of a button. They store the passwords with heavy encryption in the cloud and let you access them from one account.
Not even the staff working at a password management company is able to see your passwords, as long as you’re using a password manager from a reputable company.
Some people are paranoid about their password manager being hacked and keep all their passwords on an external device. But this isn’t a great idea because you need multiple backups, people might see them, and you can still get malware on your computer that may find them.
If you’re really paranoid, you can keep them on paper and lock them in a safe, but who has time for that? And what happens if you forget the safe combo? A password manager is the best option, for now.