How to Stop an Ex From Hacking Into Your Accounts
In this week’s tech support column , I bring up an awkward question: how to take back control of my accounts from a not-so-kind ex. I hope your former loved one isn’t a complete psychopath – or at least not a psychopath with access to your accounts – but this is an all too familiar story. You live with someone, you share your hopes and dreams, and they find a way to get into your accounts. (Or you will share your credentials, which is also a good idea.)
Before I get started , let’s make a small digression: although Lifehacker readers have sent me a lot of questions that I will be tackling in future posts – thanks for that! – I saw this post a few days ago on my favorite subreddit / r / legaladvice and I couldn’t get it out of my head. In it, the author writes:
“[My ex-husband] is constantly hacking my phone, email, work profiles and social media. I found that there were over 50 hidden apps on the previous mobile that I could not see and could not remove. I have another one and now I found out that there are 3 on it that I cannot see or film. He never had access to my phones. He took the old email accounts that I deleted, turned them into a corporate account, and linked them to his business account. When I try to access my new email I only had a month, everything in Croatian. I was getting garbled messages on Facebook, after a little investigation, I found that he somehow got to the place where every time I entered the driveway, he received a notification. He somehow got all my Facebook messages before I … “
While it’s a bit tricky to make out, the gist of the original poster’s story is that her ex-husband is creating all manner of digital chaos in her life. While this may be a prime example of accounting and manipulation of a device gone wrong, that doesn’t mean it’s extreme. If you’ve ever given your ex a password for one service, and you’re lazy and reuse your passwords on other services, then it’s not too hard to go downhill quickly, especially if you don’t have much account security and doubly so – especially if they are terrible and vindictive people.
There are many ways to fix this scenario, and I will try to move from “least annoying” to “Witness Protection Program” status.
Change your passwords
Obviously, if someone uses your passwords to log into your services (or devices), change them. And don’t make your new passwords obvious. Do not reuse any other passwords that you have used now or in the past. If you’re using a password management app like 1Password’s LastPass to help shape or track your passwords, change your master password to that too.
Once you’ve changed your passwords on major social media sites, cloud storage, email accounts, bank and credit cards, work accounts , smarthome device accounts , and your laptop or desktop computer, just to name a few. them – make sure you also check if your services allow you to view any other systems or sessions that are logged into your account. Changing your password should prevent someone who has previously logged in from regaining access (if, say, you split up and claim to have gained control of your shared laptop). If you can revoke access for any devices that were previously signed into your account, do so. It never hurts to be safe.
Plus, it’s a great way to find out if someone else has managed to access your account even after you’ve changed your passwords. If so, then it’s time to get smarter.
Use a more secure method to sign in to your devices
If you are still living with someone or are worried about someone physically accessing your devices for any reason, consider upgrading to a more secure authentication system. If your smartphone or tablet supports fingerprint or face recognition, use that – unless you think someone is going to lift your smartphone in front of your face while you sleep, or something like that.
You can also switch to a hardware security key like Yubikey , which will prevent anyone from accessing the services that support those devices even if they have your credentials. No key, no login. How simple it is.
Use account alerts and two-factor authentication
You should use at least 2-Step Verification wherever you can – usually in the form of a service that sends a text message to your smartphone with a code that you or someone else will have to enter when you try to log into your account on an unknown device. However, this still leaves you vulnerable if a cunning person steals your cell phone number using personal information they may know about you. You’re better off using an authentication app , which then requires them to log into your device (which they won’t be able to do if you’ve locked it using our aforementioned suggestions).
While you’re at it, you should check if your various services offer login alerts whenever an unknown device tries to access your account. If you start getting several of these things at once, then someone is clearly trying to ruin your digital life, and it might be worth re-checking that everything is as safe as possible. (And if the person trying to access your account comes from the same IP address, and this correlates with, for example, where your ex lives, you can probably pinpoint who might be behind the attempts.)
Disable location tracking everywhere
If you’ve used Google’s location services , or haven’t explored apps like Google Maps or Apple’s Find My Friends for a while, consider looking at your core apps and services to see if there is a way to limit the amount of information you have. your exact location. If your ex was cunning, he could add himself as a “friend” to your mapping application or other applications that could allow them to see exactly where you are at any time. Sucks.
Reset your devices
You can change all the passwords in the world, but it becomes a cat and mouse game if someone installed a keylogger or remote access utility on your laptop, desktop, or other devices. If you still notice that people other than you are logging into their accounts, even after you’ve set up two-factor authentication and new passwords, you might consider backing up your important information and resetting your devices to factory defaults. …
This should clear them of any pesky tracking or remote control apps (or configurations) that someone else might have installed. And while you can always try to find these apps manually, restoring them to their shipped state – no matter how frustrating it is to reinstall your stuff – will give you a lot more peace of mind.
Nuclear
If you really want to prevent someone else from tracking your digital life, start a new one. Get a brand new smartphone number. Create a new primary email address that you won’t share with anyone until your digital life fades away. Delete your old email address (after backing up and re-importing your email). Rebind all your services to a new email address that includes everything from the accounts you use in the car (if you have any fancy services like OnStar) to your Amazon account and your accounts records in social networks. Don’t use your old email address for anything.
For your core services, consider if you can add additional security – such as an additional PIN or some other way to authenticate with your wireless carrier. If not, at least change your security questions and prompts to something else that the other person cannot understand, even if he or she knows a lot about your life. Buy a new wireless router in case your ex has installed third-party firmware and is tracking everything you do. Change your locks. Buy a giant dog. Receive a restraining order.