How Can I Prevent My Ex From Accessing My Accounts?
The other day, my friend’s Facebook account was hacked, and the attackers used an ingenious trick to permanently block her: they turned on two-factor authentication and tied her to a random phone number. As a result, she is unable to log in, no matter how many passwords she sends, and the official Facebook channels – not always the best for customer service – have left her unattended.
Account hacking sucks, whether it’s random attacks from someone who guessed or saved your password, or people you know who are cyber assholes. The last case that Lifehacker reader Michelle has , and here’s her (incredibly short) story she sent to 911 tech support :
My ex has hacked all my accounts and keeps backing up passwords, so when I try to set known ones, he already has information, please help
How to get your account back after being hacked
I’m sorry you ran into this, Michelle. I’m not entirely sure I understand what password backup is, but I’m guessing your ex has installed some kind of backdoor for your accounts. This way, even if you change your password, it still has a way to go back to your account and reset it to something else. Unfortunately, there are many ways to do this – even as innocent as making copies of the backup keys that you use for two-factor authentication (2FA).
Whether I have this right or not, let’s take a look at whatever you want to do to regain access to your accounts, and in what order you want to do it. First of all, you will want to make sure that you lock everything you use to save passwords. If, for example, this is your web browser and you are logged into the specified browser using an account (for example, your Google account), you will want to access that account and change your password. Make something unique, a password that cannot be guessed with random words, phrases, or anything else associated with you.
But this is just the minimum. While you are doing this, check your account settings and make sure that everything is correct. Is your email address accurate? Your phone number? Is there any other identifying information that is not yours? If so, change it back to yours. And if the company behind the said account question offers a way to see where else you’re signed in to your account and revoke permission for those devices, do that too.
Then check if you can sign up for two-factor authentication for your account. If it’s already on, great! Disable it, enable it again and copy / paste any new backup codes you provided to a safe location. If you’ve never used two-factor authentication, turn it on right away as soon as you confirm that only your email address and / or phone number is associated with your account – nothing else.
This last step is critical and should help you resolve any login issues. This is because you will now be using a device like your smartphone – either via text message or through an authenticator app – as a second form of verification for any login attempts. Someone might know your password, but they can’t do anything with it unless they have this special mutable code that (in theory) only you can access. And if you get one of these login prompt prompts, but you haven’t tried to log in, you’ll know to change your compromised password (again).
Now that you know the basics, you will need to tackle other important accounts: email, cellular operator, etc. Basically, you will want to go from the most important to the least important and make the same checks and changes: is it related to your account any other information that should not be (for example, another email address)? Have you changed your password to one that you don’t use anywhere else, never used before, and that an ordinary person cannot guess? Can you customize 2FA?
The more accounts you block, the less problems I suspect you will have with someone hacking them. And since you’ll have to go through this annoying process with whatever account you want to protect, now is a great time to start. using a password manager (if you haven’t already). Make sure you give it a strong unique password and block it with 2FA, then you can use an app to help you create unique, complex passwords for all the accounts you will be working with.
Based on your email, I’m not entirely sure that you don’t have to reboot all of your devices to make sure no one has installed spyware on them. It won’t be a worse idea – restart your computer or Mac and set it up from scratch, or consider writing all the apps on your phone, backing up all of its data (like your photos) to the cloud and erasing it. … You will have to spend some time re-configuring it, but you will feel better knowing that only you have ever had physical access to this device. And as a result, it’s probably as safe as it ever will be.
Likewise, make sure you go through any accounts that offer family access, such as Google, Microsoft, or Apple accounts, and turn it off in case your ex used this trick to stay in the digital door.
Basically, you’ll need to take some time to review your main accounts, check their settings, lock them down, and cleanse your digital life. This is an annoying process, and again I apologize for having to deal with it, but you will end up with a much safer setup in place.