Zoe Quinn is eager to emphasize the importance of her information security skills.
An online culture war erupted around Quinn in 2014 when her ex-boyfriend allegedly published rumors of an unethical relationship between Quinn and members of the press covering the game industry. Arguments over that controversy quickly spiraled into an online culture war in which numerous female game developers and journalists were harassed.
“It basically immediately went straight to the rape and death threats,” Quinn said. “Like that same night. And continued unabated for weeks, and months and now years.” The episode would later come to be known as “Gamergate.”
Stay informed on the latest news
Sign up for WPR’s email newsletter.
As the threats and abuse against Quinn rose to a fever pitch, abusers started breaking into email, financial records and other accounts belonging to Quinn and people around her.
Zoe Quinn. Courtesy of Hachette Book Group/Perseus Books
“It spread to (the discussion board community) 4Chan, and that really got out of control. They were immediately finding out the home addresses of my friends,” Quinn said of the online forum that originated much of the harassment. “They were compiling a dossier and saying, ‘Let’s burn her to the ground.’”
It was a hard lesson that has made Quinn careful about answering potential security questions while being recorded — even during a sound check ahead of an interview —and made her apt to offer advice on information security to anyone who will listen.
“Get a password manager. Now,” Quinn told To The Best Of Our Knowledge’s host Anne Strainchamps.
That urgency is rarely present when people create a new online password on a typical day. But according to Quinn and cybersecurity experts, there are steps you can take to make your well-worn and familiar passwords better, and best practices you can follow.
So what’s this password manager Quinn suggests? Software for your computer, web browser and mobile devices that can generate long, complicated and random passwords, and store them for retrieval.
It might sound complicated, but password managers actually simplify and organize the process of creating and recalling passwords for services across the internet. Just sign up for one — Lastpass, 1Password, and Dashlane are just a few examples — and install their browser extensions, or download their phone and tablet apps. Then start resetting your passwords.
Once you’ve entered your master password, the software is smart enough to save passwords when you enter them and generate new passwords when you arrive at a screen to set a new one.
However, no matter how secure you and your passwords might be, passwords do get hacked, even when you have them safe inside a password manager. This is where a “two-factor authentication” for online services becomes important, writes cybersecurity journalist Brian Krebs. “With this new feature enabled, thieves would have to know your username, password and have access to your mobile device or impersonate you to your mobile provider in order to hijack your account.”
Once two-factor authentication has been activated on an account, you’ll need a “second factor” to log in — either a new code generated and texted to your cell phone number, or a random number generated by a phone app installed on your smartphone, which must be entered in addition to a password. So even once your password is compromised, a hacker won’t get far without access to your phone.
A hacker can also gain access to your online accounts via your email because that’s where many password reset requests go. This makes email access an especially attractive target for hackers. For additional security, consider using a secondary email address designated solely for registering online accounts and recovering lost or forgotten passwords, Krebs writes.
Hackers don’t give up easily. They can call companies asking for a password reset, where they’ll be presented with security questions like “What’s your mother’s maiden name?” or “What’s your favorite pet’s name?” The answers to these questions frequently can be found in publicly-accessible databases and are generally far less secure than an actual password. Wired writer Mat Honan found that out the hard way.
Quinn suggests treating these questions like passwords — create answers as nonsensical or gibberish phrases, then save those as custom entries in a password manager.
Establishing personal password security is a critical first line of defense, but legal scholar Danielle Citron recommends contacting law enforcement if someone is experiencing threats online, including threatening to release information like photos or personal information publicly. Even once your accounts have been compromised and the damage has been done, there’s help to be found, particularly when it comes to the removal of personal, potentially compromising images posted without consent.
If you’re worried about being attacked online, the Crash Override Network, started by Quinn and other victims of online harassment, have an online coach to help determine what steps you should take to secure your online presence.
