Personal technology security management is hard. Not because it's difficult to set up security measures but because we each have so many touchpoints or avenues for attack. It can be overwhelming to manage the security for every social media, bank, app, computer, and work app account you have.
But you ignore threats and alerts at your own risk. Personally, I want to lead by example, which is why I'll share this brief technology tale.
It started when a coworker casually asked me if I'd been DMing him on Instagram. I said I had not. He suggested maybe it was a hack but when I looked at my account, I saw no evidence of any odd activity on my account at all. I also hadn't received any details about log-ins from new devices or locations.
I asked him to send me details on what the DM said, but we were both tied up at work and neither of us followed up. What I was looking for, though, were indications that someone was simply impersonating me with a different account.
A second warning
Hours later though, a friend informed me that my Instagram account must've been hacked because I just sent her a crypto pitch (trust me, I am not the crypto pitch type).
I asked her to send me a screenshot because I still wondered if it was a fake "Lance Ulanoff" Instagram account. Still, there was little chance that two of my Instagram contacts were simply mistaken about something like that, especially not within the same day.
I tried not to panic and instead again checked my account for any evidence of third-party tampering. I still didn't see any odd messages or posts. However, this time I realized that I could not simply ignore the warning.
There was a chance, after all, that someone else had access to my account (along with my ID and password) and was quietly using my account to send and then quickly delete DMs to my friends, relatives, coworkers, and neighbors.
This, my friends, is where the advice comes in.
I decided to take decisive security action and dug into my Instagram settings to do two things.
First, I changed my password. Granted, this requires that you know your existing password (I know not everyone does) or have it stored in one of the best password managers (as I do). I followed the guidance to create a six-character-plus one with a heady combination of letters, numbers, and some special characters. I'm rather proud of my creation.
During this process, make sure you store the new password in a decent password manager or have some other super-secure way of storing and retrieving it.
Second, I added two-factor authentication. This is the extra level of security that will probably prevent what may have happened from ever happening again.
Your choices here are to use a text message code (it would always go to the phone in your hand) or a third-party authentication app like Google Authenticator that generates a code that you then enter on Instagram to access your account.
The good news is you only have to use this when logging back into the app (if you're logged out). The better news is that changing your security profile should boot other people off your account.
So that's what I did. I wish I had instituted two-factor authentication earlier. I have it on Facebook and most of my other critical and personal apps. I guess I just never got around to Instagram.
My point is, don't ignore these signs. If you have even a whiff of a hack, take action immediately, Don't be put off by the annoyance of changing a treasured password. Most security experts recommend we change all these things at least every six months.
Let my story be a lesson to you and, you're welcome.