- Internet & the Web
Going Over the Password: how to Definitely Protect your Digital Life
Our Facebook profile contains messages sent to our friends, photos and memories. Our mailbox gives access to personal stuff, while our cloud storage account keeps our data safe and easily accessible from everywhere. Many important things we have are stored on the cloud and this involves people finding the best ways in order to protect their accounts from hackers. Gaining access to someone else's account means violating their privacy and getting potential sensitive information. Everyone should take appropriat measures in order to protech their data: choosing a strong password (which is at the same time easy to remember) is surely the best advice everyone can follow, despite many people tend to just use simple words you can find in a dictionary, as their passwords. However many of the biggest online services offer an addictional security measure you can apply in order to definitely protect your account, giving you assurance nobody else will be able to enter, even if they guess your password: the two steps verification. In this article I will describe how this option will be able to fully protect your online data and I will show you steps to enable it in various online services.
A Second Password
The two steps verification basically consists in an additional PIN code you are asked to type only after you inserted your correct username and password: so it is something shown after you have already logged in with your correct credentials. However in order for the access to be fully performed, you have to type this PIN code, otherwise you are not able to use the services and you are automatically logged out.
This security measure is the same adopted by some online banks in order to protect their customers: the PIN code is temporary and can be sent to your phone or generated with an OTP app.
In addition to temporary PIN, some web services allow you to validate your access by plugging a USB OTP smart key in your PC. In this case, logging in to your account is the same of entering your home: you can even carry your OTP device with your bunch of keys (even if you still also have to enter username and password).
Do you prefer to enable temporary codes or USB OTP key?
Google Authenticator is the popular OTP app you can find on Google Play Store and Apple App Store. Here you can configure keys for your accounts and generate temporary codes, like it happesn with OTP tokens provided by banks for access to online services. Google Authenticator is not limited to Google services, but it allows you to associate also accounts of other websites.
A similar app is Authy, which also offers you the ability to save an encrypted backup of your OTP keys on the cloud, so that you can easily recover them when changing phone.
Enabling Two Steps Verification on a Google Account
A Google Account is maybe one of the most important containers for our personal data: here you can store mails, files music, buy movies and apps, manage ads, hosting blogs and websites, store photos and much more, If you save everything on your Google Account, protecting it is very important. Google allows you to enable two steps verification by SMS, OTP app and backup codes (these are automatically enabled in order to allow you recover your account easily in case you lose your phone). Google describes in this article how to enable this security measure. In addition to the authentication by code, there is also the option to enable verification by plugging in an OTP key to the PC: without this physical key, unless you have also enabled codes, you are not allowed to access your account (backup codes are always generated in order you have a last option to use in case you lose phone and OTP key).
Keep Curious People Away from your Social Profiles
Your Facebook profile needs to be appropriately secured, as many friends, curious people, ex boyfriends / girlfriends and hackers would love to guess your password and use your profile without you know it. Also hackers are attracted by user profiles, as they can use them to spread malware or to commit spam attacks. Luckily also the popular social network gives users the option to enable two steps verification: in this case you have three options: SMS, code generated by the Facebook mobile app (in which you need to be already logged in) and external OTP apps. In order to enable this security option you should go to your Facebook Settings, go to Security section and enable "Login Approvals" option.
You can do the same with Twitter: in this case you can receive codes via SMS or authorize access from mobile app (I suggest the first choice so that if you lose your phone you are not locked out of your account and you can get access to it after having replaced the SIM card). In order to enable two steps verification in Twitter you should go to Settings, Security section and here you will find the option at the top of the page.
Protecting Financial Transactions
Almost every bank who offers online access to our account gives us an OTP token which generates a temporary PIN code to be typed after your username and your password. However not only banks offer this: also PayPal, the famous service you can use to easily pay on the web in a click, gives you the ability to protect your account with two steps verification. In this case you can choose to receive a code via SMS or to generate it via Symantec VIP app (an OTP app which is different from Google Authenticator and Authy, as it is a proprietary OTP system where you cannot add other OTP keys).
Have you ever heard about two steps verification?
© 2016 Alessio Ganci