This reminds me a lot of Mat Honan’s story, where a combination of security flaws at Apple and Amazon allowed his accounts to be hacked, resulting in the loss of a lot of personal data.
There are a lot of takeaways here:
- If someone hacks your domain, they will have access to all of the email addresses associated with that domain. Because email is the primary method of web verification, anyone who controls an address you use for website logins can reset your passwords on those websites. Avoid this by using a “generic” email account (Gmail, for example) for your various site logins.
- Ask companies like PayPal to add a note to your account explaining that details should not be released by phone.
- Don’t let companies store your credit card numbers.
- Always use two-factor authentication. (Enabling for: Gmail, PayPal, Facebook)
(via Alex King)
There are some good counter-points to using a generic email address; namely that those services have support staffs for resetting passwords, etc. So you’re trading one set of potential issues for another. Yuck.
Damn handsome website you’ve got here. 🙂
It’s a tough game of whack-a-mole in this ever-evolving technical world we live in. Isn’t it?
(And: Holy moly — It’s *THE* Alex King who has been my internet hero for about 10 years now! I’m absolutely loving the Fave Personal theme. Well done!)