Tuesday, November 20, 2012

Tech Column: A Little More Security

by Bill Adler

Last week I wrote about implementing two-step verification for online services such as Gmail, Facebook and Dropbox. Two-step verification adds extra security to your online accounts by requiring a password plus an additional piece of information that's based on something in your physical possession.

Two-step verification is similar to the way you get money out of an ATM: You need your PIN (your password), plus the physical card. Neither alone will cause the ATM machine to spill out the green.

I received several emails with questions about two-step verification, centering around this particular problem: "It's a pain." Yes, it can be, at least at first, and also for those smartphone apps that access Gmail and require something called an application-specific password. An application-specific password is a password that works just for a single app or program. It's actually a clever idea: You don't have to offer up your main Gmail password to third-party apps that access Gmail. If you're having trouble getting application-specific passwords to work, here's a handy page with visual instructions: http://bit.ly/UR1ln1.

Another question I received was, "Can I turn off two-step verification? I don't like it." Yes, sure, absolutely. But then you're back to having just a password stand between you and an army of hackers. Before you turn off two-step verification (or if you're still thinking about turning it on), let me repeat what Mat Honan, a writer for Wired Magazine, wrote about what happened to him:

"In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

"In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it's possible that none of this would have happened."

You can read all of last week's column, with detailed information on how to set up two-step verification, here: http://yhoo.it/Ueg6Sm.

While you're thinking about computer security, take a look at this crazy, scary, but very real video of how somebody can easily hack into your Facebook account merely by being online at the same Starbucks as you: www.youtube.com/watch?v=g5mFbgxMHqQ. This video falls into the category, OMG. If your goal is to prevent somebody from impersonating you on Facebook, then get and install the browser extension called Disconnect, https://disconnect.me. In addition to keeping your laptop safe at coffee shops, airports, hotels and other public wifi locations, Disconnect helps prevent you from being tracked online.

A few precautions can make the Internet a safer place to work and play.


Bill Adler is the co-publisher of the Cleveland Park Listserv, www.cleveland-park.com. He is the author of "Boys and Their Toys: Understanding Men by Understanding Their Relationship with Gadgets," http://amzn.to/rspOft. He tweets at @billadler.

1 comment:

  1. Thanks for the article. We ALL need to be more proactive about our personal account security. In this day and age we need to take responsibility for our info. If you don’t trust the site, don’t use it. But one thing that can’t be stressed enough is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, not enough sites are offering and promoting this option. And the even sadder fact is there are millions of people who are not taking advantage of this awesome functionality that is being offered to them by several sites. I really hope people and companies wake up to the need to kick this complacent attitude about authentication and passwords. Take advantage of the 2FA which allows us to telesign into our accounts. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.