TechTip: Using 2 Factor Authentication for secure access to websites

#TechTip Use 2 factor authentication for the websites that have it. Makes it that much harder to hack & will alert you if someone tries

We continue our week of Password protection in our Tech Tips blog for the week.  As we mentioned the past few days, changing your password is important, and choosing a password that is complex enough not to be broken easily is essential to online security.  Along with that, each online login should have its own password, and you should use a password manager to keep them all secured.

Today we look at 2 Factor authentication.  Many website are starting to implement this to increase security to its users by making it difficult for someone just with a password to access your account.

What is 2 Factor Authentication?

800px-SecureID_token_newThe concept behind 2 factor authentication is that you basically have 2 passwords: Your normal password, and a separately generated password that is given to you each time you log on, or an item that you must use to access your information.  You may be most familiar with 2 factor authentication in the corporate world using secure login tokens.  When a company needs you to log into their secure computer system, you will have to enter your password, as well as a code generated in the token key.  Typically these systems have been reserved for businesses who can afford the high security, but not it is becoming made available to average users through different means.

For portals like Gmail, Google has introduced 2 factor authentication using text messages sent to your smartphone.  When you activate it and log on, a text message with a 6 digit code is sent via SMS to your mobile phone.  You then enter that number into the next screen after your password and then you are let in.  The obvious benefit to this is that even if someone gets your password, they won’t be able to access your email unless they can also intercept that text message.

Twitter as well has added additional verification as a security feature to your twitter account.  Twitter has both SMS verification as well as a feature built into the Twitter app for Android and iOS phones which require you to have your smartphone when you log into Twitter.  This ensures that anyone wishing to access your account will need both your password and your smartphone to get in.  More information on Twitters additional verification features can be found on their Support page.

PayPal has its own version of 2 factor authentication which includes either SMS or a digital token.  When you log on to your enabled Paypal account, you will be asked for a second step.  You can either have an SMS message sent to your phone, or you can get one of their authentication tokens.  They use a credit card sized token that generates a new passcode every time you press the button on the card.  It costs a few dollars to get the card, but its good security if you don’t want to use the SMS feature.

If you are concerned about access to a particular site, you can look in their help sections to see if they provide additional sign in options that will give you the extra security you need.

Advertisements

Tech Tip: Use different passwords for all your online portals

#TechTip: use a different password for each online portal. It will limit your exposure if 1 password is compromised
Today’s Tech Tip blog continues on our theme from yesterday.  Passwords are making it back in the news after last weeks announcement that close to 2 million passwords were stolen from major web portals.  Yesterday we talked about what you should include in your password.  Today we cover how many passwords you need.
The short answer:  Lots!
Yes, it is easy to have 1 password that you use on everything.  Makes it easy to log into sites you don’t normally access and keeps everything nice and clean.  However the more sites you have with the same password means you are opening yourself up to a greater level of exposure.  It is important, especially on popular sites like Gmail, Facebook and Twitter (basically all high profile social media sites) to maintain different passwords for each site.
If you are afraid of remembering all your passwords, you can alter each password by only a few digits and make sure to can figure out which password is for each site.  Even better is is a completely different, random password for each site.
How do I remember all my passwords if you need me to have dozens or hundreds of different passwords?
That is the topic for our next blog post on password management.  Stay tuned.

Tech Tip: Change your passwords to ensure security

#TechTip: Change your passwords often. Don’t use words found in a dictionary or easy number combinations.

Last week, news broke of a major password breach on a number of major social media websites.  Close to 2 million passwords were accessed from sites like Gmail, Facebook and Twitter.  The security breach means if your password was compromised, you may be susceptible to attack from other hackers.

It is strongly advised that you change your passwords.  Even if you don’t think you were affected, its always good to change your passwords now and then for security.  This week, we are going to bring a series of tips and blogs on why security for your password is important and offer tips on what to do.

First for this week, lets talk about the actual password you use.  Do not use names, dates, or any word that can be found in a dictionary.  Even words that are linked together can be cracked.  If its found in a dictionary, it can be cracked.  It is strongly suggested that passwords contain the following elements:

  • Upper Case letters
  • Lower Case letters
  • Numbers
  • Punctuation
  • 8 or more characters

If you include these in your password, and they are not based on any dictionary words, chances are its a secure password.  Having said that, almost any password can be hacked by a skilled hacker.  The point is not to make an uncrackable code, but to create a code that would require so much effort for a potential hacker to crack that it wouldn’t be worth their time or resources to try.

Even with good strong passwords that can’t be easily cracked, its still suggested you change your passwords often.  Your login credentials for the sites you visit are usually kept in a database somewhere.  Its those databases that hackers tend to be attracted to.  If they manage to get in and steal a file containing many passwords, then all the complexity in the world won’t help you.  Simply changing your password will avoid any issues.