It’s clear that bad actors have identified hacking as a strategic priority to advance their agenda…. from account takeovers (like AP’s loss of their Twitter account yesterday, which sent the markets briefly plunging) to theft of private online content (like the arrest of a political intern for stealing intimate pictures of former classmates for blackmail), the theft of other people’s online property is increasing in scale, scope, and importance.
Each attack is different, but there is one step you can take today, with your email and your cel phone that will reduce your personal vulnerability to attack by 90% or more.
Passwords are inherently insecure because of the vagaries of human nature. We use the same passwords over and over because we can’t remember many, and the passwords we do pick tend to have non-random content, like the name of our dog or our child. We share them (spouses, customer support, the guy on the help desk in IT). Worse yet, the password reset clues we use are almost always guessable by bad actors (mother’s maiden name, name of the street you grew up on, etc).
Security and identity is a big topic, but at heart, enhancing your email security comes down to using two factors together:
- Something you know, along with
- Something you have
Accessing a website or your email via a password is using something you know, and it is called single factor authentication. But anyone else who knows it has the same access you do, and that is how email and websites are hacked.
A much more secure method is two factor authentication, which uses something always in your possession (usually your cel phone) to confirm that it is really you logging in. In a typical two factor setup, you register your cel number in your account settings and activate authentication., Afterwards, every time you log in (from an unknown device or IP address), you will receive a text message with a code. You’ll be prompted for the code on the web page. If you don’t have the code, the password alone will not provide access to the account.
You’ll be hearing more about two factor authentication in the coming months, as large social media sites like Twitter and Facebook make it available. But for users of many email services (like gmail), it’s available now. Find it, and turn it on. It’s the one thing you can do today that will reduce your vulnerability to email hacking by 90% or more.