Hacking Update: Please Do These Things if You Use Gmail


(Update: Please see followup item on the risk of total data loss and how to avoid it.)

As mentioned yesterday morning, my wife's Gmail account was taken over by what has proven to be a very destructive hacker. The spam message the hacker sent out seemed droll; the consequences turn out to be less amusing. In my nearly 30 years of using electronic communication, this is the most troubling episode I've been involved with.

I'll give more blow-by-blow later on, when we've finished with the situation. For the moment, here are some prophylactic tips that I'd blame myself for not saying sooner, if applying them today protects people who might otherwise have similar problems tomorrow. For more details, I include references to the Official Gmail Blog:

1) If you use Gmail, please strongly consider switching to the two-step authorization system. What I really mean is, "you should switch to the two-step system, and you should do it now."

With this system, you enter your Gmail account with your user name and normal password -- but then you must also enter an additional authorization code, generated in real time and sent to your mobile phone. It's similar to the authorization schemes that some banks and corporations use.
   
This is more cumbersome than the normal system, but in practice is a lot easier than it sounds. If you're at your normal home computer, you can choose to be prompted for the extra code on that computer only once per 30 days. Even when you don't activate that, if you have your mobile phone with you, entering the code adds maybe 5 seconds to the log-in process. (For times when you don't have your mobile phone, there are other workaround procedures, explained when you sign up.)

In exchange for the minor security burden, the real-time authorization vastly increases the barriers to outsiders trying to get into your account. They would need to know your password -- and also to have possession of your own mobile phone, to get the real-time code. It could happen, but it's far less likely.
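
A minimal model of the two-step login described above, added here as an illustration; it is not Google's code. The `TwoStepLogin` class, the `deliver` callback standing in for the phone, the five-minute code lifetime and the one-guess-per-code rule are assumptions; only the 30-day remembered-computer window comes from the post.

```python
import hashlib, hmac, secrets

TRUST_SECONDS = 30 * 24 * 3600  # "once per 30 days", from the post
CODE_TTL = 300                  # assumption: a code expires after 5 minutes

class TwoStepLogin:
    """Toy account: password first, then a one-time code sent to the phone."""

    def __init__(self, password, deliver):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash(password)
        self._deliver = deliver   # stands in for the SMS channel to the phone
        self._pending = None      # (code, expiry) awaiting step two
        self._trusted = {}        # remembered-computer token -> expiry

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def start(self, password, now, device_token=None):
        """Step one. Returns 'denied', 'ok' (remembered computer) or 'code_sent'."""
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return "denied"
        if self._trusted.get(device_token, 0) > now:
            return "ok"
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, now + CODE_TTL)
        self._deliver(code)       # only the phone's holder sees this
        return "code_sent"

    def finish(self, code, now, remember=False):
        """Step two. Returns (status, token); token is set when remembering."""
        pending, self._pending = self._pending, None  # one guess per code
        if pending is None or now > pending[1]:
            return "denied", None
        if not hmac.compare_digest(code.encode(), pending[0].encode()):
            return "denied", None
        if not remember:
            return "ok", None
        token = secrets.token_hex(16)
        self._trusted[token] = now + TRUST_SECONDS
        return "ok", token
```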

2) If you use Gmail, please be sure to list several additional "password recovery contacts," in addition to your normal email address. If you have done this, then should your account be compromised (or if you just forget your password), Google can instantly and automatically send reset instructions to your mobile phone, a different email account, etc. But if you have not done that, so that their only verified way to contact you is through your main and now compromised account, then they have no automated way to verify your identity. Involving human beings in verification complicates and tremendously slows the process. If you wait until after you've had a problem to think of this step, it's too late.


There are more items on the prophylaxis list -- most of which I've applied all along, some of which are new to me. I will get to them soon. Some apply to online security in general; others have variants for particular systems. But for the moment, all Gmail users, please: act on #2 today, if you haven't done it before. And think seriously about #1.

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne.

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.
