A friend of mine just had their Facebook account broken into the other day, and the attackers employed an ingenious trick to lock her out forevermore: enabling two-factor authentication and tying it to a random phone number. As a result, she can’t get in no matter how many password resets she submits, and Facebook’s official channels—not always the best for customer service—have left her high and dry.
Account break-ins suck, whether they’re random attacks from someone who guessed or got ahold of your password, or people you know who are being cyber-assholes. The latter is the case that Lifehacker reader Michelle is running into, and here’s her (incredibly brief) story she sent to Tech 911:
My ex has hacked all my accounts and keeps backing up passwords so when I try to set knew ones up he has the info already please help
I’m sorry you’re dealing with this, Michelle. I’m not quite sure I understand the bit about backing up passwords, but I’m assuming that your ex has set up some kind of backdoor into your accounts. So, even if you were to change the password, he still has some way to get back into your account and reset it to something else. There are plenty of ways to do this, unfortunately—even something as innocent as making a copy of the backup keys you use for two-factor authentication (2FA).
Whether I’ve got that right or not, let’s go over everything you’ll want to do to regain access to your accounts—and in what order you’ll want to do them in. First and foremost, you’ll want to make sure you’ve locked down whatever you use to save your passwords. If that’s your web browser, for example, and you’ve signed into said browser with an account (like your Google account), you’ll want to access that account and change the password. Make it something unique, a password that can’t be guessed with random words, phrases, or anything else related to you.
But that’s just the bare minimum. While you’re doing this, go through your account’s settings and make sure that everything is correct. Is your email address accurate? Your phone number? Is there any other identifying information that isn’t, well, yours? If so, change it back to yours. And if the company behind said account question offers a way to see anywhere else you’re logged in with your account—and revoke permission for those devices—do that, too.
Next, check to see if you can sign up for two-factor authentication for your account. If it’s already enabled, great! Disable it, re-enable it, and copy/paste any new backup codes you’re provided to a safe location. If you’ve never used 2FA, enable it immediately once you’ve confirmed that only your email address and/or phone number are associated with your account—no others.
This final step is critical, and it should help you address any and all login issues. That’s because you’ll now use a device like your smartphone—either via a text message or authenticator app—as a second form of verification for any login attempts. Someone might know your password, but they won’t be able to do anything with it unless they have that special, changing code that (theoretically) only you can access. And if you get one of these login notification requests, but it wasn’t you that tried to log into an account, you’ll know to change your compromised password (again).
Now that you know the basics, you’ll next want to tackle other pressing accounts: your email, your cellular carrier, and so on. Basically, you’re going to want to go from most-important to least-important and make the same checks and changes: Is any other information associated with your account that shouldn’t be (like a different email address)? Have you changed the password to something you don’t use anywhere else, have never used before, and is impossible for a normal person to guess? Can you set up 2FA?
The more accounts you lock down, the fewer issues I suspect you’ll have with anybody breaking in. And since you’re going to have to go through this annoying process with any account you want to secure up, now’s a great time to start using a password manager (if you aren’t already). Make sure you assign it a solid, unique password—and lock it down with 2FA—and you can then use the app to help you create unique, complicated passwords for all of the accounts you’ll be working on.
Based on your letter, I’m not entirely convinced you won’t have to reset all of your devices, too, to ensure nobody has installed spyware on them. It wouldn’t be the worst idea—reset your PC or Mac and set it up from scratch, or consider taking note of all the apps on your phone, backing up its data (such as your photos) to the cloud, and wiping it. You’ll have to spend some time setting it up again, but you’ll feel better knowing that only you have ever had physical access to this device. And, as a result, it’s probably as secure as it’ll ever be.
Similarly, make sure you’ve gone through any accounts that offer family sharing—such as Google, Microsoft, or Apple accounts—and disable it, in case that’s the trick your ex was using to keep a foot in the digital door.
Basically, you’re going to need to take some time to go through your major accounts, inspect their settings, lock them down, and sanitize your digital life. It’s an annoying process, and I’m sorry, again, that you have to deal with it, but you’ll come out of this with a much more secure setup in place.
Apple’s “Time Flies” event really flew today. One hour, in and out, with a bevy of new products that you can start preordering like the Apple super-fa
We’re all accustomed to taking screenshots on our Android phones, Apple devices, and computers, but you can also take screenshots on your smart TV or
Well, here we are. And yes, that’s Apple’s Craig Federighi peering lovingly at Apple’s big move to its own silicon—the M1 chip, the first system-on-a-
Ready for more Windows 10 features? Microsoft is now testing out a new “feature experience” program that’ll slap tiny little extras into Windows 10 ou
Netflix will be launching a new “Shuffle Play” feature in the first half of this year, which is exactly the kind of thing we need during these pandemi
Setting your messages to “auto-delete” is great, because it kills two birds with one stone: your various apps and social networks won’t get clogged up
Next week, Apple will again hold its annual Worldwide Developers Conference (WWDC) event. Like last year, WWDC 2021 is online-only due to the ongoing
Windows 11 was officially unveiled this week, and many eager users are checking to see if their PCs can run the upcoming OS with Microsoft’s Windows H
We are a comprehensive and trusted information platform dedicated to delivering high-quality content across a wide range of topics, including society, technology, business, health, culture, and entertainment.
From breaking news to in-depth reports, we adhere to the principles of accuracy and diverse perspectives, helping readers find clarity and reliability in today’s fast-paced information landscape.
Our goal is to be a dependable source of knowledge for every reader—making information not only accessible but truly trustworthy. Looking ahead, we will continue to enhance our content and services, connecting the world and delivering value.
