iPhone hackers will struggle to find you if they don't even know your iCloud login.
There's still plenty of speculation as to exactly how hackers managed to break into Apple's iCloud accounts, remotely lock iGadgets and then demand a ransom for their release. It looks likely that the hackers got their hands on a list of email addresses and passwords from another online service, perhaps from the recent eBay hack, and simply tried their luck by typing the same details into iCloud.
Considering that people have a bad habit of using the same password for different online accounts, you'd expect such a plan to have a high success rate. This kind of scenario is exactly why it's such a terrible idea to reuse passwords, yet people continue to do it.
Whether or not this is how hackers snuck into iCloud is uncertain, but what is certain is that once someone uncovers one of your passwords they'll try it everywhere else. These days most services ask for your email address as your login, which means you end up using the same login for most services. This means hackers already have the first piece of the puzzle.
You might think two-factor authentication alone is enough to keep you safe. It's certainly worth enabling wherever possible, but it's not completely foolproof. Just knowing that your email address is your login can be enough for some to launch a social engineering hack, such as ringing a support call centre and trying to bluff their way in while bypassing the two-factor checks.
Bluffing or hacking your way into an iCloud account – or any other online account – is a lot harder if you've used a one-off email address as your login. Many email services let you create free aliases which forward to your primary email address, so you can create firstname.lastname@example.org and email@example.com which both forward to your firstname.lastname@example.org inbox. If you have your own domain name, you might even go with email@example.com and firstname.lastname@example.org.
At this point no amount of technical know-how or social engineering trickery is going to get someone into your iCloud account if they're starting with your real email address, because that account simply doesn't exist. The trick is to never use those alias email addresses for anything else, so there's no possible way that spammers and hackers could know about them. If you do start to receive email to those aliases, such as spam or phishing attacks, then you know that the service has either been hacked or is selling your email address to marketers.
Remembering all those extra email addresses might seem like a hassle, but not if you're already using a password manager such as 1Password, LastPass or Dashlane. To make things easier you might follow a pattern – although perhaps more complicated than email@example.com to make it harder for someone to guess your other email addresses if they discover one.
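One way to follow a pattern that can't be guessed from a single discovered alias, as an added example that is not part of the original article: derive each alias from the service name with a keyed hash (HMAC) of a secret kept in your password manager. The same derivation tells you which service an unexpected email's alias belongs to. The domain `example.com`, the secret, the service names and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional, Sequence

# Constructed sample values (assumptions, not from the article).
SECRET = b"long random secret stored in your password manager"
DOMAIN = "example.com"  # placeholder for a domain or alias service you control


def normalise(service: str) -> str:
    """Canonical service name: lowercase, letters and digits only."""
    return "".join(c for c in service.lower() if c.isalnum())


def alias_for(service: str, secret: bytes = SECRET, domain: str = DOMAIN) -> str:
    """Derive the one-off login address for a service.

    The tag is a truncated HMAC-SHA256 of the service name. Without the
    secret, seeing one alias does not reveal the alias used elsewhere.
    """
    name = normalise(service)
    digest = hmac.new(secret, name.encode("utf-8"), hashlib.sha256).digest()
    tag = base64.b32encode(digest[:5]).decode("ascii").lower()  # 8 chars, 40 bits
    return f"{name}.{tag}@{domain}"


def leaked_by(recipient: str, services: Sequence[str],
              secret: bytes = SECRET, domain: str = DOMAIN) -> Optional[str]:
    """Return the service whose alias received this mail, or None.

    Mail reaching an alias from anyone but that service suggests the
    service was breached or passed the address on.
    """
    recipient = recipient.strip().lower()
    for service in services:
        if recipient == alias_for(service, secret, domain):
            return normalise(service)
    return None


if __name__ == "__main__":
    accounts = ["iCloud", "eBay", "Bank"]
    for account in accounts:
        print(account, "->", alias_for(account))
    # Constructed case: unsolicited mail arrives at the eBay alias.
    print("leak source:", leaked_by(alias_for("eBay"), accounts))
```

Only the secret needs to be stored; the aliases themselves can be regenerated on demand and still have to be created as forwarding addresses with your email provider.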
There's no 100 per cent foolproof way to guard against hackers, but using one-off email addresses and strong unique passwords, combined with two-factor authentication where possible, makes you much less vulnerable to attack. What are your tricks for keeping hackers at bay?
Read more posts from Adam Turner's Gadgets on the Go blog.