Here’s a fun little story. A friend of mine, a guy in his mid-60s, lives in one of those apartment complexes for seniors. The complex has a “business center” near the lobby where there are a few PCs set up as well as wifi. He doesn’t have internet in his apartment, so whenever he wants to do something other than check email on his phone he goes down to the business center.
Unfortunately it turns out those PCs are riddled with malware, because not only did he get locked out of the Gmail account he’s used for 10 years, but he got locked out of the second account he created shortly after. That’s when he got wise to the situation with the PCs and created a third Gmail account using his phone…but guess what? He ended up getting locked out of that one, too. The first two hacks were confirmed by a call to Google, where he also learned that they charge a hefty fee to regain access to hacked accounts. Way to provide that customer service, Google!
He’s already kind of an anxious guy, so at this point he was starting to flip out. It wouldn’t have been such a big deal if it was just email in there, but he had (foolishly) saved a draft in the original account that had dozens of bank account forms and other highly personal stuff attached that he was compiling for his financial advisor. So yeah, the hacker got all his bank numbers, his SSN, and lots of other things. He ended up having to update his email and/or banking info with nearly 30 companies, and most of that had to be done in person or on the phone for various reasons. And each website had its own specific rules for creating new passwords, which was its own little pain in the ass. He was afraid to use his building’s wifi, so for the next few days he came over to use our wifi and do some private calling. It was an absolute nightmare for him–he even took his phone to a T-Mobile outlet and had them wipe & restore the phone just in case someone was in there. (Personally I don’t think anyone hacked his phone, but I told him that wiping it was the only way to get any peace of mind.)
This is something that happens to people every single day, and many have far worse experiences than this. What could have prevented all this is two-factor authentication, but a lot of people aren’t using it for whatever reason. Maybe they just don’t know about it, or maybe they don’t want to bother because of its occasional minor inconvenience. I’ve been using it on Google, Twitter, and Facebook for over a year now so I’m used to it, and seeing what he went through just reinforces how necessary it is!
LifeHacker has a great article on what it is and how to use it, and I think it’s mandatory reading for anyone using any online-only email accounts and social media. You’ve been warned!