Getting Comfortable With The Basics

Two Factor Authentication

Protect Your Accounts

What is two-factor authentication?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication items to verify themselves. This process protects both the user’s credentials and the user’s account.


Authy App:

Authy brings the future of strong authentication to the convenience of all of your devices. The Authy app generates secure 2 step verification tokens on your device. It helps you protect your account from hackers and hijackers by adding layers of security. Authy makes it easy to use Two-Factor Authentication on your online accounts using your smartphone.

Why Authy is the best multi-factor authentication app:


The Google Titan Security Key – Help prevent account takeovers from phishing attacks.


Google 2-step verification

  • Google 2-step verification – How it works: –  Google 2-step verification adds an extra layer of security to your Google Account by requiring you to have access to your phone as well as your username and password when you sign in.  I use this feature; it requires a bit more effort to set up but makes your Google account more secure than most banking sites.  Glenn
    • Install Google Authenticator – If you set up 2-Step Verification, you can use the Google Authenticator app to receive codes even if you don’t have an Internet connection or mobile service.

Protect Your Accounts

Most digital accounts have settings that can help regain control of your account if it’s compromised. However, before your account is compromised, the recovery settings must be set up. 

These are the things you can do:

  • Create a PIN for logins and password changes. A PIN is critical to set up with your cellular carrier, as it’s a great defense against SIM hijacking.
  • Use a two-factor security method, for example, Google Authenticator or Authy, instead of SMS-based 2FA logins. For extra security, use a hardware token to protect your accounts.
  • Create and record Backup codes (some accounts use the term Grid or Recovery code, etc.) They all are one-time use recovery access for your account. These codes should be printed and stored in a safe place (fireproof safe, safe deposit box, or at least off-site).
  • Use security recovery questions that are not related to your personal life. I answer the security questions with random text generated by my password manager and store them in each site’s password manager notes area.
  • Don’t use your smartphone phone number from your accounts, if possible. (If a phone number is needed, use a Google Voice number for your sensitive accounts.)
  • Use long, randomized, and unique passwords for each account.
  • Use a secure password manager.
  • Don’t use services like (Google, Facebook, Twitter, etc.) to sign in to other services; if the attacker compromises one of the services, they can access a lot more of your digital life.

You should also note account-related information that identifies you as the rightful account holder.

  • When you created the account
  • Previous screen names on the account
  • Physical addresses associated with the account
  • Credit card numbers or bank statements that show you made purchases.
  • Content created by gaming accounts, such as character names, for an online video game.

Making a list of all your critical accounts will make reacting to SIM swaps or ID theft easier, as you’ll be able to quickly go through each service and change passwords, email addresses, etc. The list should be stored securely and have as a printout rather than saving it on an online service.


Cautionary Tales

Please turn on two-factor authentication –  Two-factor authentication means “something you know” (like a password) and “something you have,” which can be an object like a phone.

The Tech Guy with Leo Laporte – From computers, the internet, iPods, and cell phones to camcorders, digital cameras, gaming systems, and home theaters, Leo provides entertaining tech talk. The Tech Guy airs every weekend in over 170 cities in the US and Canada.

Here is an excerpt from the July 29th, 2017 Tech Guy program.

How can I get my Gmail account back from a hacker? Clinton from Alberta, Canada

Clinton’s Google account got hacked, and his password recovery email address was changed. Leo says that’s why Google and Leo recommend 2 Factor Authentication so that he would be contacted should a password change happen. He can also use a secondary email. Clinton can contact Google and perhaps get his account back by answering questions that only he would know.

He should keep in mind that if he used this as a recovery email for other sites, they are also vulnerable. So he’ll have to get his email account back ASAP before more accounts are compromised.

Check out these articles on hacking for more guidance:

Kevin Roos: I dared two expert hackers to destroy my life. Here’s what happened.
Mat Honan: How I Resurrected My Digital Life After an Epic Hacking
 

Tech News by Topic