Monday, April 13, 2015
Logins that require only a password are not secure. What if someone gets your password? They can log in, and the site won’t know it’s not you.
Think nobody could guess your 15-character password of mumbo-jumbo? It’s still possible: A keylogger or visual hacker could obtain it while you’re sitting there sipping your 700-calorie latte as you use your laptop. Or, you can be tricked—via a phishing e-mail—into giving out your super strong password. The simple username/password combination is extremely vulnerable to a litany of attacks.
What a crook can’t possibly do, however, is log into one of your accounts using YOUR phone (unless he steals it, of course). And why would he need your phone? Because your account requires two-factor authentication: your password and then verification of a one-time passcode that the site sends to your phone.
Two-factor authentication also prevents someone from getting into your account from a device other than the one that you’ve set up the two-factor with.
You may already have accounts that enable two-factor authentication; just activate it and you’ve just beefed up your account security.
Facebook
- Its two-factor is called login approvals; enable it in the security section.
- You can use a smartphone application to create authentication codes offline.
Apple
- Its two-factor works only with SMS and Find my iPhone; activate it in the password and security section.
- Apple’s two-factor is available only in the U.S., Australia, New Zealand and the U.K.
Twitter
- Twitter’s two-factor is called login verification.
- Enabling it is easy.
- Requires a dependable phone
Google
- Google’s two-factor is called 2-step verification.
- It can be configured for multiple Google accounts.
Dropbox
- Activating two-factor here is easy; go to the security section.
- SMS authentication plus other authentication apps are supported.
Microsoft
- Enable it in the security info section
- Works with other authentication apps.
Additionally, check to see if any other accounts you have offer two-factor, such as your bank (though most banks still do not offer this as described above, but do provide a variation of two factor).
Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention. Disclosures.
About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
Similar Posts
- 10 tips to Secure Passwords
Ever wonder just how hackers bust into systems and cause destruction? One reason is because people are still using weak passwords. While your pet’s name and wedding anniversary dates are easy to remember and sentimental to use, this approach makes a hacker’s job all too easy. Here are 10 things you should know about passwords. Never - 10 Ways to Protect Your Twitter Account From Getting Hacked
Recent news of Twitter accounts being hacked has slowed a bit, partly due to Twitter implementing two-factor authentication. When you sign in to Twitter.com, there’s an option in “Settings” under “Account security” for a second check to require a verification code to make sure it’s really you. You’ll be asked to register a verified phone number and - Username and Passwords Are Facilitating Fraud
In 2005, the Federal Financial Institutions Examination Council stated: “The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Account fraud and identity theft are frequently the result of single-factor (e.g., ID/password) authentication exploitation. Where risk assessments - 3 Stupid Simple Tips to protect your Identity
For anyone who goes online, it’s impossible to hack-proof yourself, but not impossible to make a hacker’s job extremely difficult. Here are three things to almost hack-proof yourself. Two-factor authentication. Imagine a hacker, who has your password, trying to get into your account upon learning he must enter a unique code that’s sent to your smartphone. - Password Security vulnerable to Trickery
There’s only one entrance to the house: a steel door two feet thick. If someone from the outside touched the door—even with a battering ram—they’ll get an electric shock. No bad guys could get through, right? Well, suppose the bad guy tricks the homeowner into opening the door…and once open, the bad guy strangles the homeowner.