Google recently launched their advanced sign-in security, which makes use of “Two Factor Authentication”. In the case of Google, this is a strategy to prevent unauthorized access to your gmail account. However, securing your email account has far-reaching implications beyond just your email.
Someone getting into your primary email exposes you to identity theft, financial theft, as well physical burglary. Your account may also become the source of spam email or used to target your email contacts.
Google’s new authentication works on the same principle used for physical door access, in which two methods of identification is orders of magnitude better than one. For Google, that means using your login name and password plus a “token” which is constantly changing (one which you may obtain from your cell phone or other device) to add an extra level of security to your email account. In a physical access control system, the parallel would be the use of both a proximity card or fob and a numeric pin code to gain entry.
In each scenario, you must both have something and know something for access. This double-layered system prevents your password (or pin) from being hijacked and your accounts being hacked. It is the same principle as your ATM card (which you must have, but you must also know your pin).
Two factor gmail login adds a small but reasonable level of inconvenience. Think of what a thief would know (e.g., travel itinerary, addresses, relations, personal codes, maybe your security alarm system password) if they got into your email account, which in many cases is all too easy.
For information on how to set up Google Advanced Sign-In, visit Google’s official blog.
On December 12th, hackers were able to compromise and download the user names and passwords from a highly visible and respected blog media network. The account database itself was only for the login information to the commenting functions of these sites. In itself there was very little that could be exploited with the information. However, it called out the widespread practice of using poor quality passwords, and worse, using the same passwords on multiple sites.
The two most frequent and devastating errors and omissions made by computer users is 1. not backing up and 2. using poor quality passwords. Both of these present significant risks in day to day life but have an added risk when it comes to burglaries, theft, and loss.
First, take the odd burglary Marc Fisher wrote about this week in the Washington Post. Marc’s home was broken into and, among other items, the burgler took his son’s laptop. The burglar, illustrating a bizarre lack of discretion, actually posted a picture of himself to son’s Facebook account (the only insight here is don’t assume a burglar will do or not do something because it seems rational to you or me). Now not only does does the son not have a backup, he has lost data that is important to him, but burglar has access to his data and potentially his passwords.
The 5 steps in minimizing the damage if your computer is lost or stolen:
And the best defense is of course keeping it from being stolen in the first place. Don’t leave electronics or valuables visible from outside your home. If they can be seen through the window the chances of being stolen are much greater. Arm your alarm system for instant mode even when you are home in the middle of the day.
I use a Mac and backup locally with Apple Time Machine. This is a free application that comes in OS X.
Available for on-site and off-site backups on Mac, Windows, and Linux is CrashPlan. This is a very flexible free and paid application which give you multiple options for cost effective backups.
For off-site backups I use Mozy AND JungleDisk. Both offer large abouts of off-site storage (think 300GB of photos) for very reasonable costs.
Password Management Resources:
Having a different complex password is easier said than done. A management application which keeps track of passwords, generates secure passwords, and brings up the information when you need it is helpful. 1password.com and lastpass.com are feature-rich and effective. (CM84QPQQ3ER9)