How to Protect Your Online Reputation

The Scope of the Problem

Given the recent events in the internet security world, I am pleading with you to secure your online identity. For those just joining the fray:

• The most troubling story is of Mat Honan, Senior Reporter for Wired magazine, who was targeted for his @mat Twitter handle:

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

• In August, Blizzard’s online gaming network Battle.net was hacked and email addresses and answers to personal security questions were accessed
• Also in August, MLB’s Facebook page had a false posting that Derek Jeter would undergo sex-change surgery
• In July, 450,000 Yahoo Voice usernames and passwords were publicly posted
• Three times in August, there were false reports regarding the current events in Syria posted to Reuters, the world’s largest multimedia news agency
• In June, 6.4 million LinkedIn usernames and encrypted passwords (and 300,000 decrypted passwords) were leaked online

I’m sure you’ve seen commercials like these regarding identity theft, and, funny as they are, they probably leave you slightly troubled… even if you think “that could never happen to me” (NB: I don’t have Citibank Identity Protect and do not endorse their particular product in any way).

My Story

As a member of Generation Y, I’ve been surrounded by technology all my life (which I’ve previously written about) and have seen the marked changes in the computing world and the Internet. I was an early adopter of Linux and spent hours compiling the kernel and fiddling with xorg.conf files and thought I was pretty good about security, using “good” eight-character passwords like 8&Ph9Saj or c!aDR4pR (not my real ones obviously!).

However, as more and more websites began requiring registration, I did what most of us did: I recycled passwords from “important” sites like email accounts into less secure or important sites like those from department stores, hotels, or user forums.

So spurred by the events above, I began securing my online presence with Google Two-Factor Authentication, started using LastPass, and began the laborious task of updating all the websites I visit with long, randomly generated, unique passwords that are taken care of by the password manager. As I went through, I was amazed at how many online accounts I had, and how many times I used the same username and password. They say a journey of a thousand miles start with a single step, and I had taken hundreds of steps…

What You Can Do

These are my recommendations as an educated computer user, but I am not a security expert nor am I 100% certain this approach would eliminate the risk of having your “digital life destroyed.” Again, I have no financial disclosures with respect to any of the products mentioned.

• Disable FindMyMac to eliminate the possibility of it being remotely wiped
  • But allow remote wiping of your iPhone/iPad (I think it is easier to lose a phone than it is to misplace a laptop)
• Continue (or start!) to keep backups of your data – my approach may be overkill but I use a variety of methods
  • CrashPlan for cloud storage
  • Time Machine for local backups
  • DropBox for non-critical files that I can access anytime, anywhere
  • Truly important and irreplaceable data (like family photos) are kept on a separate external USB hard drive at my parents’ house in case my house caught on fire
• Enable multi-factor authentication if available (available for Gmail & Facebook – there may be others)
• Use a password manager like LastPass (I will notenter the LastPass vs KeePass vs 1Password etc argument)
  • Use a strong master password: I recommend DiceWare and/or an approach like in this XKCD comic

• Slowly start changing all the passwords on the websites you use, starting with accounts like your email account and social media sites
• Disable password synchronization services available in Google Chrome and Firefox – these are not as secure as LastPass and negate its benefits
• For more information about LastPass, I recommend watching this YouTube video (starting around 53:00) and/or reading the transcript (starting about halfway down)

Why Physicians Should Care

Although Mat Honan is a prominent tech writer with an impact on what the entire industry reads and suffered a very unfortunate personal tragedy of losing the photos from the first year and a half of his daughter’s life, his story struck fear into my heart as a physician.

One of our most valuable assets is our reputation among colleagues and patients. Now, multiple social networking venues make your online reputation available to everyone (just try Googling yourself). It may be controversial whether physicians should indeed be held to a “higher standard” than other members of the community or other professionals, but I believe it is your responsibility to protect your online reputation from vicious attacks.

I’m interested to hear your thoughts on recent events or the system I suggest, what system you would recommend, or if you have any physician-specific advice. And please let me know if you want more posts like this or other topic suggestions!

Image: FreeDigitalPhotos.net

Related articles

• Hack causes fear about cloud storage (cnn.com)
• How Hackers Attack – Without Your Passwords (news.dice.com)
• 5 Ways To Prevent Your Password From Being Hacked (businessinsider.com)
• Securing Your On-line Life with a Password Manager and Two-Factor Auth (subfictional.com)
• Apple And Amazon Fix The Security Holes That Caused Wired Editor’s Epic Hacking (AAPL, AMZN) (businessinsider.com)
• How Not to Become Mat Honan: A Short Primer on Online Security (wired.com)