Getting Comfortable With The Basics

 Two Factor Authentication                                  Creating strong passwords

What is two factor authentication?

Two-factor authentication means using two authentication methods (e.g. password, value from physical token, text message, or automated voice call with token number) to increase the assurance that the bearer has been authorized to access secure systems.

"Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked" – LifeHacker

Google 2-step verification

  • Google 2-step verification – How it works: –  Google 2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone – as well as your username and password – when you sign in. This means that if someone steals or guesses your password, the potential hijacker still can't sign in to your account because they don't have your phone.  No other email provider offers 2-step verification.  I use this feature it requires a bit more effort to setup but makes your Google account more secure than most banking sites.  Glenn
    • Install Google Authenticator – If you set up 2-Step Verification, you can use the Google Authenticator app to receive codes even if you don’t have an Internet connection or mobile service.

Authy app:
Authy brings the future of strong authentication to the convenience of your Android device.

The Authy app generates secure 2 step verification tokens on your device. It helps you protect your account from hackers and hijackers by adding an additional layer of security. Authy makes it really easy to use Two-Factor Authentication on your online accounts using your smartphone. 

Why Authy is the best multi factor authentication app:

  • Secure Cloud Backups:
    • Did you lose your device and got locked out of all of your accounts? Authy provides secure cloud encrypted backups so you will never lose access to your tokens again. We use the same algorithm banks and the NSA use to protect their information.
  • Multi Device Synchronization:
    • Are your re-scanning all your QR codes just to add them to your tablet and smartphone? With authy you can simply add devices to your account and all of your 2fa tokens will automatically synchronize.
  • Offline:
    • Still waiting for an SMS to arrive? do you travel constantly and lose access to your accounts? Authy generates secure tokens offline from the safety of your Android device, this way you can authenticate securely even when in airplane mode.
  • All of your accounts:
    • We support most major multifactor authentication accounts including Facebook, Dropbox, Amazon, Gmail, and thousands of other providers. We also support 8 digit tokens.

Authy: Two-Factor Authentication Made Easy 

Secure Yourself by Using Two-Step Verification on These 16 Web Services 

What Happens If I Use Two-Factor Authentication and Lose My Phone? by

Authy for your personal computer

Authy lets you use "something you know" paired with "something you have" to log in securely into your accounts using two-factor authentication. Up until now, however, what you "have" was either your cellphone, your smartphone or your tablet.

But now Authy provides secure and seamless two-factor authentication to users everywhere, with the Authy App for PCs available on Windows, Mac, and Linux.

Two-Step Authentication Methods

  • The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. It comes in 2 types, each with different advantages.
    • Security key: You carry this small credit-card sized device with you. It creates a unique security code on the go.
    • Mobile phone security key: You can sign up to get security codes sent by text message to your mobile phone.
  • Charles Schwab – Enroll in one-time password protection (including Soft Tokens) A one-time-password (OTP) token is a common method for what’s known as two-factor or multi-factor authentication. It provides you with a single-use numeric password that you use in addition to your usual password when logging into your account(s). These single-use passwords protect the security of your accounts, even if someone else has correctly guessed your existing login ID and password. Schwab now offers soft token code delivery via mobile app, giving you the option to leverage your existing smartphone instead of a physical token.   To set up a soft token call, Schwab customer service 800-435-4000.  Call your own financial institution, ask if they offer something similar.
  • Multi-factor authentication – Wikipedia, the free encyclopedia – Multi-factor authentication (also Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something the user knows"), a possession factor ("something the user has"), and an inherence factor ("something the user is").
  • Please turn on two-factor authentication –  Two-factor authentication means “something you know” (like a password) and “something you have,” which can be an object like a phone.
  • Here's Everywhere You Should Enable Two-Factor Authentication – Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked.
  • List of websites and whether or not they support 2FA.

 Consider a password manager:

  • LastPass is a free password manager that makes web browsing easier and more secure. It’s free to use on all your computers! Automatically synchronizes your data: access it from anywhere at anytime. All of your data is encrypted locally on your PC – only YOU can unlock it. Using a Mac, Windows, or Linux? LastPass works everywhere. Authy and Google Authenticator work with Lastpass.
  • AI RoboForm from Siber Systems
    Manage your passwords and information with Roboform. It will automatically fill in password information or login information to any online account or Web site. Create an identity with all of your personal information–name, address, telephone, etc. You won’t have to waste time retyping that information ever again! Stuck trying to think of a new password? It will generate secure random passwords for you. All personal information is securely stored on your computer. Cost: Free limited version; $29.99 for Pro edition

The Tech Guy with Leo Laporte

From computers, the internet, iPods, and cell phones to camcorders, digital cameras, gaming systems, and home theaters Leo Laporte provides entertaining tech talk that appeals to the inner geek in us all. The Tech Guy airs every weekend in over 170 cities in the US and Canada. 

Here is an excerpt from the July 29th 2017 Tech Guy program.

How can I get my gmail account back from a hacker?

Clinton from Alberta, Canada

Clinton's Google account was hacked, and the password recovery was changed to another email address. Leo says that's why Google and Leo recommend 2 Factor Authentication so that he would be contacted should a password change happen. He can also use a secondary email. Clinton can contact Google and they can perhaps get his account back by answering questions that only he would know about.

He should keep in mind that if he used this as a recovery email for other sites, they are vulnerable as well. So he'll have to get it back ASAP before more damage is done.

Check out these articles on hacking for more guidance:

Kevin Roos: I dared two expert hackers to destroy my life. Here's what happened.
Mat Honan: How I Resurrected My Digital Life After an Epic Hacking


Tech News by Topic