Zoe Quinn is eager to emphasize the importance of her “InfoSec” game.
An online culture war erupted around Quinn in 2014, when her ex-boyfriend published rumors of unethical relationship between Quinn and members of the press covering the game industry. Arguments over that controversy quickly spiraled into an online culture war in which numerous female game developers and journalists were harassed at an industrial scale. "It basically immediately went straight to the rape and death threats,” said Quinn. “Like that same night. And continued unabated for weeks, and months, and now years." The episode would later come to be known as Gamergate.
As the threats and abuse against Quinn rose to a fever pitch, abusers started breaking into email, financial records and other accounts belonging to Quinn and people around her. “It spread to 4Chan, and that really got out of control. They were immediately finding out the home addresses of my friends,” said Quinn. “They were compiling a dossier and saying 'let's burn her to the ground.'" It was a hard lesson that has made her careful about answering potential security questions while being recorded—even during a soundcheck ahead of our interview—and made her apt to offer advice on information security to anyone who will listen.
"Get a password manager. Now," Quinn told To The Best Of Our Knowledge's host Anne Strainchamps.
That urgency is rarely present when people create a new online password on a typical day. But according to Quinn and cybersecurity experts, there are steps you can take to make your well-worn and familiar passwords better, and best practices you can follow.
So what's a password manager? Software for your computer, web browser and mobile devices that can generate long, complicated, random passwords and store them for retrieval.
It might sound complicated, but password managers actually simplify and organize the process of creating and recalling passwords for services across the internet. Just sign up for one — Lastpass, 1Password, and Dashlane are just a few examples — and install their browser extensions, or download their phone and tablet apps. Then start resetting your passwords.
Once you’ve entered your master password, the software is smart enough to save passwords when you enter them and generate new passwords when you arrive at a screen to set a new one.
However, no matter how secure you and your passwords might be, passwords do get hacked, even when you have them safe inside a password manager. This is where a "two-factor authentication" for online services becomes important, writes cybersecurity journalist Brian Krebs. “With this new feature enabled, thieves would have to know your username, password, and have access to your mobile device or impersonate you to your mobile provider in order to hijack your account.”
Once two-factor authentication has been activated on an account, you’ll need a "second factor" to log in — either a new code generated and texted to your cell phone number, or a random number generated by a phone app installed on your smartphone, which must be entered in addition to a password. So even once your password is compromised, a hacker won’t get far without access to your phone.
A hacker can also gain access to your online accounts via your email because that’s where many password reset requests go. This makes email access an especially attractive target for hackers. For additional security, consider using a secondary email address designated solely for registering online accounts and recovering lost or forgotten passwords, writes Krebs.
Hackers don't give up easily. They can call companies asking for a password reset, where they’ll be presented with security questions like "What’s your mother’s maiden name?" or "What’s your favorite pet’s name?" The answers to these questions frequently can be found in publicly-accessible databases and are generally far less secure than an actual password. Wired writer Mat Honan found that out the hard way.
Quinn suggests treating these questions like passwords — create answers as nonsensical or gibberish phrases, then save those as custom entries in a password manager.
Establishing personal password security is a critical first line of defense, but legal scholar Danielle Citron recommends contacting law enforcement if someone is experiencing threats online, including threatening to release information like photos or personal information publicly. Even once your accounts have been compromised and the damage has been done, there’s help to be found, particularly when it comes to the removal of personal, potentially compromising images posted without consent.
If you’re worried about being attacked online, the Crash Override Network, started by Quinn and other victims of online harassment, have an online coach to help determine what steps you should take to secure your online presence.