by Bill Adler
Last week I wrote about implementing two-step
verification for online services such as Gmail, Facebook and Dropbox. Two-step
verification adds extra security to your online accounts by requiring a
password plus an additional piece of information that's based on something in
your physical possession.
Two-step verification is similar to the way you get money
out of an ATM: You need your PIN (your password) plus the physical card.
Neither alone will cause the ATM to spill out the green.
I received several emails with questions about two-step
verification, centering around this particular problem: "It's a
pain." Yes, it can be, at least at first, and also for those smartphone
apps that access Gmail and require something called an application-specific
password. An application-specific password is a password that works
just for a single app or program. It's actually a clever idea: You don't have
to offer up your main Gmail password to third-party apps that access Gmail. If
you're having trouble getting application-specific passwords to work, here's a
handy page with visual instructions: http://bit.ly/UR1ln1.
Another question I received was, "Can I turn off
two-step verification? I don't like it." Yes, sure, absolutely. But then
you're back to having just a password stand between you and an army of hackers.
Before you turn off two-step verification (or if you're still thinking about
turning it on), let me repeat what Mat Honan, a writer for Wired Magazine,
wrote about what happened to him:
"In the space of one hour, my entire digital life
was destroyed. First my Google account was taken over, then deleted. Next my
Twitter account was compromised, and used as a platform to broadcast racist and
homophobic messages. And worst of all, my AppleID account was broken into, and
my hackers used it to remotely erase all of the data on my iPhone, iPad, and
MacBook.
"In many ways, this was all my fault. My accounts
were daisy-chained together. Getting into Amazon let my hackers get into my
Apple ID account, which helped them get into Gmail, which gave them access to
Twitter. Had I used two-factor authentication for my Google account, it's
possible that none of this would have happened."
You can read all of last week's column, with detailed
information on how to set up two-step verification, here: http://yhoo.it/Ueg6Sm.
While you're thinking about computer security, take a
look at this crazy, scary, but very real video of how somebody can easily hack
into your Facebook account merely by being online at the same Starbucks as you:
www.youtube.com/watch?v=g5mFbgxMHqQ. This video falls into the category, OMG. If your goal is to prevent somebody
from impersonating you on Facebook, then get and install the browser extension
called Disconnect, https://disconnect.me.
In addition to keeping your laptop safe at coffee shops, airports, hotels and
other public Wi-Fi locations, Disconnect helps prevent you from being tracked
online.
A few precautions can make the Internet a safer place to
work and play.
---
Bill Adler is the co-publisher of the Cleveland Park
Listserv, www.cleveland-park.com.
He is the author of "Boys and Their Toys: Understanding Men by
Understanding Their Relationship with Gadgets," http://amzn.to/rspOft. He tweets at
@billadler.
Thanks for the article. We ALL need to be more proactive about our personal account security. In this day and age we need to take responsibility for our info. If you don’t trust the site don’t use it. But one thing that can’t be stressed enough is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, not enough sites are offering and promoting this option. And the even sadder fact is there are millions of people who are not taking advantage of this awesome functionality that is being offered to them by several sites. I really hope people and companies wake up to the need to kick this complacent attitude about authentication and passwords. Take advantage of the 2FA which allows us to telesign into our accounts. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.