Basic Security You Need Now – Two-Factor Authentication

One of the ways that everyone who uses the internet is most vulnerable to being “hacked” is by having weak and non unique passwords Managing various accounts while maintaining unique and strong passwords is a challenge where most people fail.

Typically, unless you have a public presence on the web such as a website or very popular twitter account you won’t be targeted directly by hackers. Your main risk is your information (email address & password) not being protected by a company that you trust.

Many of us have iPhones & Apple products; how many of you use the same password on iTunes that you use someplace else? Some of you may even use the same password for your email which is a disaster waiting to happen.

Imagine a security breach at the company where the hacker has obtained your password and email address. A quick trip over to your email account and iTunes where your passwords are changed, locking you out.

Next stop: icloud.com where your location is determined and your iPhone, iPad , laptop and any other apple device is promptly wiped clean of all data and rendered useless. Next they’ll try the typical online bank, brokerage, shopping and Paypal accounts for a quick hit. Definitely a nightmare scenario.

If you want to read about a similar event that happened to a tech savy Wired magazine reporter, read this article

Typical Password Security Compromises, Vulnerabilities and Risks:

  • Passwords without a mix of numbers, characters, upper & lower case letters
  • Using the same password on multiple sites
  • Using words contained in the dictionary or common slang terms
  • Utilizing common “reset password” questions such as “make of first car, mothers maiden name or where you were born”.

I strongly recommend to start using a good password manager. You don’t have to jump in and start using every option immediately but simply by having a secure and easy to access list of unique passwords will most likely be an improvement over what most people are doing now. Get comfortable and gain confidence with whatever  program you choose. See how it works, learn it over time and that high level of online security will follow.

I also recommend using Two-factor authentication whenever it is available. Gmail and PayPal are examples where I consider it a mandatory personal security feature. Facebook also offers it.
Two-factor authentication has been around before computers. Governments used it by providing Spies with “one-time-pads” to securely transmit information over radio where anyone could intercept the signal.
Modern day Two-factor authentication uses two of the three items listed below:
  • Something you know  (e.g., password, PIN);
  • Something you have (e.g., an app, a key generator ,ATM card, smart card);
  • Something you are (e.g., biometric characteristic, such as a fingerprint).
For securing online activity, enforcing the requirement of having something you know and and something you have  for your email address where you reset passwords from other accounts is highly recommended.
I’ll write more about implementing two factor authentication  but for now here’s some resources to get you started: