Protecting your accounts – some password tips, and 2-factor authentication

This post comes a bit later than I originally intended, but with things so crazy here at work as the semester has gotten underway, I’m surprised that I’ve had any time to sit at my desk in the first place.

It may be old news by now, but this article, which details the now-infamous hacking of journalist Mat Honan, is one of the scariest things I’ve read in a long time, at least from a digital life perspective. Before you continue reading this post, please take some time to read the article if you haven’t already. (Note: the article contains some strong language.)

Done?  Good, read on.

Since the time of the hacking, Apple has reportedly stopped allowing iCloud password resets over the phone, and Amazon followed suit some days later.  But the underlying premise here is still very real, and very concerning – just how secure are your sensitive data and accounts online?

This post is going to be a short post with a few links for you to read, focusing on two security measures that I strongly recommend you take.

First, if you have a Google account, enable 2-step verification (also called 2-factor authentication).  It involves a traditional password (“something you know”), but adds an access code sent via SMS to your phone (“something you have”).  It takes more time, but you can opt to do this every 30 days if you’re on a trusted computer.  Plus, you’ll get an SMS in the event that an unauthorized party successfully gets past your password phase on your account.  Rather than go over it in detail here, I’m going to instead link you to a good article and video about it.

Second, in general, your passwords should be strong passwords. Some guidelines to follow can be found here. Also, one of my favorite webcomics did a strip about this topic as well, seen here. Bottom line – password length matters more than all of those “special characters” that websites ask you to enter.

Finally, I am exploring password managers such as 1Password.  I haven’t ever used one before, but they seem like a decent enough idea.

Please take steps to secure your online identities and information.  Don’t wait for the companies who hold all of your personal information to patch their holes.  Not everyone who hacks accounts like in the story above is doing it just to educate the masses…

8 thoughts on “Protecting your accounts – some password tips, and 2-factor authentication”

  1. Hi: We are preparing to open a Tech & Arts Academy in Miami, Florida. A fusion between music practice and technology. I like your comments… Best regards

    • Thanks! Glad you’re taking interest in my writing. Wish you the best as you open your Academy!
      — Matt

  2. Any thoughts on using the SMS vs. the Google Authenticator app to generate the code? (for Google 2-Step Verification). The video mentioned it, but I was curious what you thought…

    • Becky,

      I’m not a huge fan of writing down passwords to anything, so I’d prefer the SMS, personally. But they do have a point – Google Authenticator is good for those times where you don’t happen to have your phone, or the battery dies, or…etc. I like the idea of printing a few out and keeping them in your wallet for “emergencies” like that. So…both…I guess…with SMS being the primary method and G.A. being a backup.

      Thanks for writing!
      — Matt

  3. Hi, Matt.

    According to Google, two-step verification is not administratively enabled for the Google Apps domain. Do you know something I don’t?

    • Ian,

      Thanks for the comment. I do not know if/when UNCG (who uses Google Apps) will enable 2-factor authentication. If you have a normal Gmail account, you can activate this feature. I can check with the Google Apps admin team here to see if it’s in their plans.

      — Matt

  4. I asked ITS (via 6-tech ticket), and was told (by Nick) that they can’t because they’re using Shibboleth single sign-on handled by UNCG, but two-factor authentication has to be handled via Google.

    I have enabled it for my personal Google Apps domain. It was a pain to get working, but now it seems to be functioning properly.

    • I had wondered if Shib was going to get in the way of this…and it appears so. Guess we’re stuck using it on vanilla Gmail only!

      — Matt
