Single password: A hacker's dream, your worst nightmare


6 photos
Save Story
Leer en español

Estimated read time: 3-4 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY — We've seen them in spy movies and TV shows: tracking devices that can be used to stalk and follow. But this technology is more common than you may think — and many of us unwittingly keep a tracker close at all times.

At KSL News, we didn't have to go far to find people who are vulnerable. Former hacker and security expert Neil Wyler showed one of our producers, Jenniffer Michaelson, how her own smartphone was keeping tabs on her.

Online tracking

During his visit to the KSL Newsroom, Wyler had Michaelson open a Web browser on her computer and type in the URL: maps.google.com/locationhistory. Once logged into her Google account, he immediately had a list of the locations she had traveled that day, as well as those she'd been to in the last year.

But what if someone wanted to look closer? A hacker could use Google Maps see the locations you frequent, the routes you take, and some locations you might end up at specific times of day.

All that information from a single password.

To protect yourself, Wyler recommends turning off and deleting your location history on your Google account. It's information he said you don't need to share with Google, and certainly not with a hacker.

The 'key' to other accounts

That's not the only thing hackers can get with a single password.

KSL brought Wyler to Brad and Darby Gates, owners of Twice Life Wood, a local custom furniture company. Like many business owners, Brad and Darby use email and Facebook a lot.

"That's how I talk to clients. That's how I talk to people about jobs that are being done," Darby Gates said.

But Wyler showed the business owners how email can serve as a key to all of their accounts. If a hacker had their email password, Wyler said he or she could gain access to the business' social media or banking accounts just by clicking on each website's link to "reset your password."

Former hacker and security expert Neil Wyler shows business owners Brad and Darby Gates how their email password can serve as a key to all of their accounts. (Photo: KSL-TV)
Former hacker and security expert Neil Wyler shows business owners Brad and Darby Gates how their email password can serve as a key to all of their accounts. (Photo: KSL-TV)

It's information he said that is also often used to target contacts.

"It's called 'spearfishing,'" Wyler said. "They're going to send a targeted email to whoever the actual target is, and they're going to say, 'Hey. In Vegas. Had a problem with this. Can you do X for me?'"

But the solution is simple. Wyler said email accounts should be protected with a second form of authentication.

"It will require you to log in with your username and password, and then it will generate a six-digit code," he said.

By going into your security settings, you can require that a code be sent to your phone by text, or through the Google Authenticator app, each time you're logged in from a new device. That code is then required to complete the login process.

Protect yourself

For more information on protecting your personal information online, here are a few links:

Photos

Most recent Utah stories

Related topics

Utah
Mike Anderson

    STAY IN THE KNOW

    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the KSL.com Trending 5.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

    KSL Weather Forecast