Anthony Green, cofounder of Tracer Digital and program lead for cybersecurity at University of British Columbia, Richmond, British Columbia, Canada. TracerDigital.ca
Your device is sluggish and choppy. You’re getting strange alerts and prompts that you’ve never seen before. Your friends are receiving odd messages that you never sent.
You’ve been hacked.
But don’t panic! Take these steps to regain control.
Change all your passwords immediately. If your computer has been compromised, it’s safer to use a non-infected machine, or borrow one from a friend to use when changing your passwords. The damage might be limited to only your email, Facebook, or whichever platform was initially hacked—but since many people use similar passwords for all of their accounts, there’s a good chance other accounts will soon be broken into, as well.
Install a password manager and use two-factor authentication. The best, fastest, easiest and most secure way to change and organize all your passwords is by using a password manager, rather than trying to remember dozens or hundreds of passwords. This software lets you create and securely store unique passwords that are automatically entered when you need to log on to a website. Those passwords are kept secure by one master password, which is the only one you have to remember. LastPass is among the best and most reliable—and it’s free to use at the basic level. Next, go to the sites of your most important accounts and set up two-factor authentication with them. Once set up, you will need to enter a code from a text or some other prompt when you’re trying to log in to that site.
Forget conventional wisdom on passwords. There’s a common misconception that the safest passwords consist of short, arbitrary strings of characters (T3!b9*7iXg). Not only is this type of password clunky and nearly impossible to remember, but it’s not the most secure option by far. It’s better to create a long password that’s easy to remember, consisting of a few random words, like “TromboneBicycleRefrigeratorElevator.” If the site requires numbers or special characters, you can always substitute a zero for an “o” or an exclamation point for an“i” or place a special character in between each word.
Protect your friends. Once hackers gain access to your social media or email, they will send messages to your contacts. That’s because your friends are more likely to open a message and click malicious links if they think you are the sender. If you’re hacked, send a mass text or email, and/or post a message on social media informing your contacts that you’ve been hacked and to be extra cautious until further notice.