sbs20

Secure Yourself

2016-04-01 Hygiene

Secure keys

You use two factor authentication (2FA) right? Sometimes it’s called two-step verification or dual factor authentication. The idea is that as well as a password you need a temporary code to log in to your account. In short, even if someone guesses or steals your password, they won’t have your code (which is either sent by text message or generated in an app) and therefore can’t log in. If you work in a bank or big corporation then you might have one of those RSA keyfob things — this is 2FA. You really ought to have 2FA on your personal accounts. If you already know what it is and you haven’t done it yet, just go and do it. Don’t even bother reading this.

The other day a very capable and bright friend of mine thought I was just being needlessly nerdy when I said that it was essential to secure your email. I’ve always known that most people don’t really get computers, let alone security, but this worried me. I remember reading this seriously scary article by Mat Honan a few years ago.

“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

He goes on:

“Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.”

This is a competent technology reporter — and I can only imagine the fear in those dawning moments of horror as he realised what had happened. And yet, I imagine most people are in the same boat. “But who would be interested in my data?” comes the response. Hackers don’t give a fuck about whether it’s your data — they just care whether an account is easy to get into. For more horror read this account of email hell by James Fallows.

Imagine losing all your data. Music and film can be replaced. You can probably get over the loss of those old emails but photos and home videos?

The solution is simple — enable two factor authentication on your accounts. If you only change one account, make it your primary email — it is the gateway to everything. If you have a second backup account, you need to do that one too as it’s the gateway to the gateway to everything. This will stop password recovery pestilence even if your other satellite accounts are hacked. Ideally, do it for everything where either money or your prized data is concerned.

What now?

There are a number of ways of securing everything — this is my preferred way. If you want to go your own route, that’s cool.

Install an authenticator app. I use Google Authenticator (Android / iPhone) but there’s also Microsoft Authenticator (Windows) [don’t install this on your PC — unless you know why you’re doing it] and Authy too.

Now secure your Gmail and / or Outlook / Hotmail / Microsoft (enable “Two-step verification” and then “Set up identity verification app”). Yahoo too. Then take care of Dropbox, Evernote, LastPass, WordPress and Facebook and even Amazon (UK).

If you like Apples make sure you do that too although I’m not an expert here and I don’t think it supports an app. And the last time I checked Twitter and PayPal did not support an authenticator app either — but they still support 2FA by sending you a text message (Update: they do now). Log in to each and poke around the settings. I don’t like the text message approach as much but it’s still better than not using it — especially when you consider that Twitter can be used to authenticate you to other sites and that PayPal has access to your money.
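The code an authenticator app shows is never sent to your phone: the app computes it from a secret shared at enrolment plus the current time, using the TOTP scheme (RFC 6238) that Google Authenticator implements. The following is an added example, not part of the original post; it generates the code and performs the check a service would do, using the published RFC 6238 test key as the secret, and the function names and the `last_step` replay guard are illustrative choices.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds each code stays current (RFC 6238 default)
# Published RFC 6238 test key ("12345678901234567890") in base32; never use it for a real account.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Decode a base32 secret as typed at enrolment (spaces, lower case, no padding)."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, now=None, digits=6):
    """What the app displays: HOTP with the counter set to the current 30-second step."""
    now = time.time() if now is None else now
    return hotp(decode_secret(secret_b32), int(now) // STEP, digits)


def verify(secret_b32, candidate, now=None, window=1, last_step=-1):
    """Service side: accept a code from the current step +/- window, and only once.

    Returns the matched step (to be stored as last_step) or None.
    """
    now = time.time() if now is None else now
    key = decode_secret(secret_b32)
    current = int(now) // STEP
    for step in range(max(0, current - window), current + window + 1):
        # Constant-time comparison; steps at or before last_step are replays.
        if step > last_step and hmac.compare_digest(hotp(key, step).encode(), candidate.encode()):
            return step
    return None


if __name__ == "__main__":
    print("current code for the test key:", totp(RFC_TEST_SECRET))
```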

Now that’s done, go and make a nice cup of tea and have a biscuit.