Category Archives: Security

Google 2 Step Verification – Part 1


Stay Safe with Google’s Two Step Verification

One of the handy things about Google’s apps is that they are “platform agnostic.” It doesn’t matter if you use Windows or a Mac, iOS or Android. Google Maps, GMail, Google Docs, Google Drive, etc. will work in similar ways on any computer.

This is a boon to those who use devices with different operating systems (Android smartphone and Windows desktop, for example) as well as to those who collaborate with people who may use entirely different devices.

Google’s mantra of “One Password, All of Google” adds greatly to the convenience.

If you have to edit a spreadsheet with someone using Windows 8, but you only have your iPhone handy – no problem. Open GMail, find the sheet in your Google Drive, and email it to your Windows-using friend.

This degree of interoperability and convenience, combined with 15 GB of free cloud storage, encourages users to store lots – lots and lots! – of information in Google apps.

But with convenience comes vulnerability. A stolen GMail password gives a hacker the keys to your kingdom: years’ worth of archived email, gigabytes of documents, your calendar, your contacts, even your YouTube account are all laid open.

Fortunately, Google’s Two Step Verification is as easy to set up and use as other Google products – and it will do a very good job of keeping your information safe.

ENABLING TWO STEP VERIFICATION

get started

Begin by going to https://www.google.com/landing/2step/

If you aren’t already signed in, sign in to your Google account.

About halfway down the page, you’ll see a link to 2 Step Verification. Click Set Up.

Remember, two step verification works with
* Something you know: your password – and
* Something you have: your phone

verification codes

To start, enter your phone number. You can then choose to receive your verification code via an SMS (text) message sent to your smartphone or through the Google Authenticator app.

In most other circumstances, SMS is simple and direct, without the need for an additional app, and it is the method many people choose.

(Google Authenticator is a downloadable iPhone or Android app that generates one-use verification codes. It is useful if you frequently find yourself outside the reach of cell service. If you later decide the method you selected isn’t right for you, just revisit the page and pick the other method. You can switch back and forth freely.)

Click Send Code and you’ll receive a 6 digit verification code via text message on your smartphone. Enter the code and click Verify.

registered computers

Once verified, you’ll probably want to check the Trust This Computer check box. (Of course, never do this on a public computer.) This will allow you to use any Google app or service from this computer without having to enter a verification code again. Like other 2 Step Verification settings, this can be changed later.

Click Next, then click Confirm.

Congratulations! You have enabled 2 Step Verification for your Google account. Your private information, email account, and documents will be much safer.

Next: Using Google 2 Step Verification Part 2: Backup Phones, Backup Codes, Google Authenticator

Two Factor Authentication


Using Two Factor Authentication

Strong passwords are the necessary first step in protecting your data. But they are only the beginning.

If you want to ensure that you remain safe, even if your password is stolen, you’ll need a second defense: Two Factor Authentication.

The theory behind Two Factor (also sometimes called Two Step) Authentication is simple: a log in from an unknown or untrusted source requires two different types of verification:

  • Something you know: your password
  • Something you possess: usually your phone

Two Factor Authentication Stops Hackers Before They Get Into Your Account

How does this protect you?

Consider this familiar scenario: the password for your email account was stolen in a data breach. Sadly, you had no idea this happened, and thousands of SPAM messages were sent out under your name in a matter of minutes.

Unless you had Two Factor Authentication enabled.

In that case, even if the hackers have your password, they cannot log in to your email account because they will not know the one time code sent only to your smartphone.

Hack attack foiled.

Setting Up Two Factor Authentication Is Easy

Setting up Two Factor Authentication isn’t difficult. Nor is it especially cumbersome to use.

First, find out if a particular app or service or web site you wish to use supports two factor authentication.

The Two Factor Auth List is a good place to start for a comprehensive overview.

Next, you need to enable Two Factor Authentication for the site. There are actually many possible ways to do this, but in general, the web site will have an option to enable two factor authentication, if it is available, somewhere in its security settings.

Finally, you will receive a text message with a one-time use code you will need to enter on the web site to prove you are you.

At this stage, you are usually able to designate the computer you are using as a trusted source – meaning you will not have to be verified again every time you log in.

If you primarily use a desktop or notebook computer, congratulations – you are probably done.

If you use a smartphone or tablet, you’ll have to authenticate yourself within particular apps on those devices.

We’ll look at Google as a specific example next, to see how authentication works across platforms as well as how to use something called “App Specific Passwords” on a mobile device.

Password Security

Passwords Passwords Passwords

It is time to get serious about your passwords.

The list of major hacks and attacks against retail chains, web sites, health care networks, and banks is long and troubling. You can’t do anything about their poor security, but you can take steps to protect yourself.

UNIQUE PASSWORDS
Don’t Reuse Passwords. You’ve heard this advice for years, and maybe you’ve been meaning to change that easy-to-crack but also easy-to-remember password that you use everywhere. But you just haven’t found the time.

Here’s the problem: maybe you used AOL email sometime in the distant past, but you switched years ago. However, you used your son’s name as your password with AOL. It was so easy to remember, you also used it at Amazon, at work, with Google, for eBay, for Yahoo, and for some web store you’ve completely forgotten about.

If that web store you’ve forgotten about is hacked, the hacker now has the password for your bank account. Or he can buy stuff on Amazon and charge it to you. He can log in to your email account and change your recovery email address to an email account he controls.

Because you used a simple password 10 years ago at some site whose name you can’t even recall, your personal information and your bank account are now at risk.

You may not be able to go back to every service you’ve used or abandoned and create secure passwords. But you can change your passwords for the services you use now.

STRONG PASSWORDS
Use Strong Passwords – this is also common advice.

Hackers sometimes use “brute force” attacks to steal passwords. They run a program designed to enter word after word into a password field. They also substitute common numbers or symbols in place of letters. For instance, “letter” might be spelled “l3tt3r” with “3” substituted for “e.” Software can crack these passwords in minutes, if not seconds.

Strong passwords mix upper and lower case letters, numbers, and symbols in a nonsense phrase. The longer the password, the better. But it should be at least seven characters long.

2@13f6dg2?97V?N

That’s a strong password.

It is also impossible to remember, which is why everyone resists strong passwords.

Even if you manage to remember that one particular password – can you remember another, and another, and another … for all the sites you visit on the web?
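To see why “l3tt3r” is no safer than “letter”, here is a small password check a site or a user could run, added as an illustration and not part of the original article. The word list is a constructed sample, the substitution table is an assumption about common swaps, and the rules are the ones stated above (at least seven characters; upper case, lower case, numbers and symbols).

```python
import string

# Constructed sample list; a real check would load a large dictionary or a
# list of passwords known from breaches.
COMMON_WORDS = {"letter", "password", "welcome", "dragon", "monkey"}

# Assumed table of common digit/symbol swaps, mapped back to letters.
SUBSTITUTIONS = str.maketrans(
    {"3": "e", "0": "o", "1": "l", "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"}
)

MIN_LENGTH = 7  # minimum length given in the article

CHARACTER_CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
]


def normalize(password):
    """Undo the usual disguises: drop trailing digits and symbols, lower-case
    the rest and map substituted characters back to letters."""
    trimmed = password.rstrip(string.digits + string.punctuation)
    return trimmed.lower().translate(SUBSTITUTIONS)


def weaknesses(password):
    """Return a list of reasons the password is weak (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    used = sum(any(ch in cls for ch in password) for cls in CHARACTER_CLASSES)
    if used < len(CHARACTER_CLASSES):
        problems.append("missing character class")
    if normalize(password) in COMMON_WORDS:
        problems.append("dictionary word with substitutions")
    return problems
```

Note that a password such as “P@ssw0rd1!” satisfies the length and character-mix rules yet still reduces to a dictionary word, which is the case the substitution check exists to catch.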

PASSWORD MANAGERS
If you are worried about strangers, rather than co-workers or family, stealing your passwords, you can keep a password notebook by the computer. That might work, although the typing is cumbersome.

A better solution is a password manager.

Password Managers can securely encrypt and store your passwords and then fill them in on web sites when you need to log in. Although features vary from program to program, they usually also include a strong password generator.

Some password managers will work on your mobile devices as well as your desktop or notebook computer.

Some are free, some have a one time fee, and some require a yearly subscription. Many will offer different free and paid versions, depending on which features you want.

Both LastPass and 1Password are popular and easy to use. They are certainly worth a look if you want to increase your online security.

TWO FACTOR AUTHENTICATION
The final step in securing your online identity is Two Factor Authentication.

This doesn’t protect your passwords – what it does is ensure that, if your password is stolen, a hacker still can’t access the account that you’ve enabled Two Factor Authentication for.

Here’s how it works: when you enable two factor authentication for a web site – let’s say Google – you are then required to enter not only a password, but a one-time code that will be sent to your cell phone. So even a hacker who has your password cannot log into your account.

We’ll look at how this works in more detail in another article.

Photo Credit: Ron Bennetts
Creative Commons License