A friend recently found himself hacked on Facebook; the hackers then masqueraded as him, asking for money to help his missionary efforts. The hackers really put a lot of work and effort into this. My friend lost his Facebook account, is now rebuilding his online identity, and is wondering how it happened.

There are more than a hundred ways to skin a cat, and even more ways to dress it up and hide it. Here's my feeble attempt at detailing my personal policies and procedures for protecting myself online.

  • I use secure computers to access the internet. My personal laptop is a MacBook, which out of the box is very secure; secondarily, my iPhone is a very secure platform for accessing the internet (unless it is jailbroken). At work, all the computers are well managed by an IT department, which has sufficient anti-virus, firewall and computer management procedures in place to keep the office Windows computers safe. A standard out-of-the-box Windows computer is not that secure.
  • I'm not that precious about my public personal details. It's not hard for someone in the know, or with the need to know, to get my full name, phone numbers, email addresses or date of birth, so I don't treat these details as secrets.
  • I am precious about my passwords. I always have at least three passwords in use. The first is my work password, which has to change every 60 days (I think it's about that), which is a smart policy for work. My second password is my personal high-security password; this changes every six months or so. The third is the password I use for websites I don't trust or don't care about.
Here's the difference, particularly between the second and third type of password. There is a select number of websites and services that I trust and that need to stay secure, and they never share a password with the throwaway sites, so a leak from one of those can't be used against the accounts I care about. My list is my MobileMe email account (paid service), Gmail (free email), the Google Accounts for both, my Wordpress.com account, Facebook, Twitter, my personal domain passwords and my laptop password.

For the websites I don't trust but that ask me to sign up, or the websites I don't think I'll go back to, I use my generic password, the third password, which I'm sure many of my friends know.

  • In my social networks I don't install applications unless I really need to or really want to. I'll block all of your requests to invite me into whatever game you're playing now (thanks to Mike Penny and others for hooking me on Farmville). The applications that get installed in your Facebook account, Twitter account and Myspace (apparently people still use it?) get complete access to your account. The dodgy ones tend to get removed, but they still exist and you could still install one. Plus: if you really want to send me a bunch of flowers, send me a bunch of flowers; I don't want an eFlower.
  • On my computer, I don't install applications without prior research or consulting like-minded friends. Plus, I'm extremely aware that most free apps have a motive. I use some amazing free and open source apps that developers have made out of the goodness of their hearts, for which I'm rather thankful, but many free apps are actually riddled with nasties that are out to get you and your identity. (Especially free applications that promise to protect your computer!! Pay for protection!! Free computer protection is like a dodgy back-alley guy handing out free condoms!)
  • I recognise the benefit of paying for services that I value. When you pay for something, you have ground to stand on if something goes wrong. I pay $119 for my email account because I value a quality email service. I'd also be willing to pay for a secure Twitter service. Facebook, not so much; it doesn't add a lot of value to my life and is already well paid for by advertising. But you should recognise the services that are valuable to you and then attribute a cost to them. You do get what you pay for.
  • Finally, I'm extremely transparent about who I am and what I'm about. Most of my Facebook friends, Twitter followers and blog readers know who I am; they know my character and personality. Listeners to my radio show would be in a similar category, as would my personal friends. This is because I'm transparent, honest and (try to be) a person of integrity. I'm only human (which often leads to error), but I aim to be transparent in all aspects of life; it's easier in the long run and saves lying, which really is a painful process, and I don't have enough brain capacity to be a good liar. The result is that if I were actually hacked (which hopefully the above points would prevent), the witnesses of the hack would recognise that it isn't me and would hopefully let me know asap.
It's not a foolproof plan, but they say that if you build a better foolproof plan, the world will breed a better fool.