Tag Archives: passwords

What Is / Why Should You Definitely Use 2-Factor Authentication?

2-factor-authentication

Simply put, 2-Factor Authentication is an easy way to keep hackers from accessing your online accounts. It’s called a number of things: 2-Factor Authentication, 2-Step Verification, Multi-Factor Authentication, 2-Step Login, Login Approvals, Login Verification, etc. But no matter what it’s called, you should absolutely do it whenever possible!

Hopefully by now you know how important a good password is. But you should also know just how hard it is for sites to protect your personal information, including your login ID and password. Just in 2013 alone some of the web’s biggest names have been hacked including Facebook, Twitter, Target, Evernote, and Adobe.

Why is 2-Factor Authentication so important?  Because it’s pretty tough for a slimy teenage hacker in Romania to get ahold of your cell phone.  That’s right, with 2-Factor Authentication a hacker has to physically have your cell phone to get into your account. It adds a critical layer of security to your account by combining something in your head (your password) with something in your hand (your phone).  When you enable it, the site no longer lets new devices on it without first double-checking that the user attempting to login is actually you.  After correctly entering your password, in most instances the site requires you to enter a code sent via text message to your phone.  This way, even if a hacker gets ahold of your ID and password, they would still need to somehow get your physical cell phone to break into your account.

I love how this short video illustrates the concept:

So how do you set up 2-Factor Verification? Honestly, it’s a bit of a pain. Every site has a different way of doing it, and then you have to mess with your cell phone every time you login somewhere new. But, it’s still worth it. Just one time getting hacked and you will wish you had, especially if that hack is tied to your credit card somehow.

Fortunately, there’s this great site run by some guy (Evan Hahn) that lists pretty much every major site that has a 2-Factor Authorization option. Go there now and at least bookmark it. Seriously. Because passwords are pretty useless when they’re lonely.

Tagged , , , , , , , , , ,

Password Best Practices & 2-Step Verification

Capture

There have been an alarming number of recent high-profile password hacking incidents among some of the largest online services such as Twitter, Apple, Facebook, and Dropbox. The latest being Evernote. Considering how lazy most of us are with our passwords, this is a very scary trend. To highlight the seriousness, let me toss out a quick scenario:

So, let’s assume you are smarter than 94% of us and have a nice, long, alphanumeric password with punctuation (something like “Ih@t3MyP@ssw0rd!”) for your gmail account. This is a very good first step. The problem occurs when you decide to use that same password for say Facebook, Twitter, your bank, and perhaps Amazon. Or maybe you even go so far as to use it everywhere, including that new dog grooming forum you joined last month. So what happens when one of these sites are hacked? Suddenly, that super strong uncrackable password is now as naked as your two year old in the kiddie pool. And, suddenly, someone has taken that password and cleaned out your bank account.

So what ARE the best password practices?  

If you have time, please read this great post on password best practices. If you’re like most everyone else, just keep reading and hopefully you’ll soak in a couple of the most basic points:

  • Make your passwords (yes, it stinks, but you have to have a bunch of them) nice and long (8 characters is bare minimum, 16 is considered pretty good) and as random as possible (no, your birthday/anniversary/kid’s initials are NOT random). Include capitalized letters and special characters whenever possible.
  • Your email and banking passwords are SUPER important. You need an unique password for these accounts. ONE per account. Not one per account type (i.e. all my bank accounts use this one password), but ONE specific password for EACH individual banking and/or email account. Banking accounts include anything you’ve tied your checking accounts to such as PayPal or Amazon. Email is especially important, because all those great “forgotten password” tools use your EMAIL to help you reset your password.
  • Your data accounts are nearly just as important. Most people are using the “cloud” to store more and more files these days. Services like Apple iCloud, DropBox, Box.net, Google Drive, Microsoft SkyDrive, Carbonite, etc. are popping up everywhere. They are super convenient, and yet, a poor password on any of these accounts is a recipe for disaster.
  • Use a strong password for anything tied to your credit card. There are probably more of these than you realize. Good examples are your Apple ID, your Google Account (Google Checkout), Amazon, eBay, BestBuy, OfficeDepot, AmericanAirlines, etc. Again, individual passwords are best, but if you must duplicate these, at least pick a good one to copy.
  • Don’t forget your computer password. It’s tempting to keep the login password(s) for your actual computer(s) simple and quick to type in. This can be one of the most devastating passwords to have hacked, as it opens up your entire home network to trouble. And, while you’re updating your computer password, go ahead and strengthen the password on your router (which is actually the very first door a hacker has to open).
  • Use 2-step verification. The most advanced sites are now offering a process called 2-step verification. I’ll be honest, turning this on can be an annoyance, but it’s well worth the small hassle. Basically, this forces you to enter a special code sent via text to your cell phone in order to log in a particular site from a new device. Not everyone offers this (yet), but here are links to a few of the most important ones: Google, Dropbox, Facebook, Microsoft, Yahoo, and LastPass.
  • Remember all your passwords SECURELY with a password manager. Instead of writing your passwords down and “hiding” them on the shelf next to your monitor, consider a password management service. There are a number of these tools, and I’m not really qualified to assess their security, so I’ll refer you instead to a great  Lifehacker article on the topic. Per their recommendations I prefer to use LastPass.
  • Teach your kids. While they may not yet have an online bank account, nor any credit cards to hack, teaching your kids good password practices is a very important life skill. It’ll also help keep other kids (and predators) from hacking their social sites, email, etc.

Now that you know some best practices for password security, enjoy the following info-graphic highlighting just how smart you are compared to the rest of the world.

Tagged , , , , , ,
%d bloggers like this: