Saturday, December 15, 2012

Steve's Security Update

The other day I was reading this lengthy article in Wired magazine. It's a story explaining how a technical journalist got hacked (very easily) and lost a lot in the process.  If you have 10 minutes, I would suggest reading the article.  If not, here is my quick synopsis:
  1. Too many people use the same password for lots of important web sites (email, banking, ...) and there have been lots of hacking events where millions of user IDs and passwords were stolen and posted to the Internet.
  2. It is very easy to buy most of the important personal information for anyone.  This includes things like your social security number, previous and current addresses, and even mother's maiden name.  When you call into a service, like a credit card company, this information is 99% of what they ask you.
  3. If someone can get into your main email account, then it is very easy for them to get into most of your other accounts.  They just go to the password reset page and it sends your new password to your registered email account, which they can read, and then put in the trash so you don't see it.  That's sure simple.
There's more in the article, but I found it a bit disconcerting.  I am not going to dive into a cave of paranoia, but I did make one change. My primary email is through Gmail and Google has added an option called two-step verification.  Instead of just wanting you to know a password, it wants you to know a password and have your cellphone.  I will let Google explain it to you, but it took me about 20 minutes to set up the first time and for my day-to-day email with Outlook, my iPad and iPhone, it won't take any additional time.  If I try to log in from another computer, phone or application, it will require another minute or two.

Here is Google's little video explaining it and there's a link to take you to the setup.

By the way, I think this works best with phones that get text messages, but you can set it up so that you can do the same thing with a voice call instead.  As an aside, if you still don't get text messages on your phone, I would offer that you may want to join us up here in the 21st century.

1 comment:

Emily J. said...

So yes, I need to join you in this century. We're supposed to talk at some point so I can get a phone and tablet that are compatible. Shall we do this right after the first of the year?

As for the other, I already have two-step ID on many things but will go back and check the rest of things. Thanks.