![]() ![]() ![]() These days, as in both the Honan situation and the recent Dropbox breach, a major reason things went bad was that one password was used for multiple accounts. Second, use different passphrases for each of your accounts. "Always color outside the lines!" is both much easier to remember and far harder to break than say "Tr)ub4DORm1." First, don't use passwords, use passphrases. Since Google played a role in the Honan case and almost everyone uses some Google service or the other-and Apple doesn't support two-factor authentication-let's go over how to turn on Google's version of two-factor authentication: two-step verification.īefore jumping in that though here are some other basics. On the Web, two-factor authentication typically requires you have both a password and a phone with its unique number, which can be used as the item. As the name suggests it requires you to both show you know something, typically a password, and have a unique item that identifies you. If you've ever worked in a shop that required you both to show an ID card and enter a pin to go through a door, you've used it. Two-factor authentication is ancient IT technology. There are several ways to try to protect your online accounts and one of the more important of these is two-factor authentication. ![]() That could have been you, and it could have been worse. You don't need your phone to use two-factor authentication-it's just a relatively simple choice.Do you really think security is too much trouble? That no one is ever going to bother with your accounts? Ask former Gizmodo employee Mat Honan if he feels that way after his accounts and devices were wiped clean. I use one of these, and it's great-you just tap a button to log in to things. Or you could use a YubiKey, a dedicated USB device you can plug into any computer to verify your identity. You can make a list of backup codes, which you can print out and store somewhere secure. Head to Google's two-step verification settings, where you can add backup ways to access your account, some of which don't require a phone. What if you don't have your phone? How are you supposed to log in to your Google account? There are a few options. Steps like the one Google just took could help kill off passwords everywhere. Here at Zapier, we stopped using passwords for our internal VPN, and it works great. One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past. Google hopes that changes and is even dreaming of a world without passwords. No major tech company has made two-factor authentication the default until now, which is probably why the vast majority of users don't use it. Google's two-factor system is interesting because you don't have to install or set up a special app to use it: Android users get a system-wide notification, while iPhone users can see the message in the Gmail or Google app. Early versions of this would send you a text message, but most security experts recommend using a dedicated app like Authy. The idea is that you set up a second form of verification, so that an attacker with your password can't sign in. This is why Google started offering two-factor authentication a decade ago, in 2011. The result: if one password leaks, an attacker can use it to access all of your accounts. Most people use the same password for every service because it's easier than remembering multiple passwords or setting up a password manager. Why did Google change how signing in works? It's painless, but it's also a big boost to your security. Hit Yes, and that's it-your computer will sign in. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |