Every now and then I'd get an email from someone with only a link to a website in the body. I knew they hadn't sent it and that their email had been hacked.
I'd also read an article online last summer about a tech reporter who not only had been hacked, he'd had his entire online life taken over. Including having his iPhone erased. One of the suggestions he made was to turn on two-step verification on Gmail, so I did.
Or at least I thought I had.
Last week, someone hacked into my Gmail account. They sent out spam to everyone in my address book, a link to some site that no doubt had malware on it. This was hugely embarrassing and included coworkers, editors, and my agent among others.
I caught it almost immediately. I kept hearing the ping of email arriving and I checked right away, and when I saw all the bounced notes, I knew I'd been hacked. When this happens, the first thing to do is change your password, and I did. The mass emailing was stopped, but not quickly enough to prevent pretty much everyone from getting at least one email.
Why had I gotten hacked? Well, I'd had a tough password on Gmail, but I continually forgot it, so I went with something I could remember and paid the price.
A little further investigation told me that two-step Gmail verification had not been turned on even though I thought I had done it. I rectified that immediately.
Two-step verification sends a code via text to a cell phone. That code is required whenever I sign in from a new location, so in the future, if someone hacks my password, they still won't get in because they won't have verification code.
I also signed up for a password service. It can remember all the passwords for me and I only have to remember one to get into the service. The thing that sold me on this is that it generates secure passwords for me. As soon as I got it, I jumped onto Gmail--all my accounts--and changed all my passwords.
I guess I learned a lesson--never compromise safety--but I just wish these computer geeks would use their powers for good and not evil.
