TechTip: Using 2 Factor Authentication for secure access to websites

#TechTip Use 2 factor authentication for the websites that have it. Makes it that much harder to hack & will alert you if someone tries

We continue our week of Password protection in our Tech Tips blog for the week.  As we mentioned the past few days, changing your password is important, and choosing a password that is complex enough not to be broken easily is essential to online security.  Along with that, each online login should have its own password, and you should use a password manager to keep them all secured.

Today we look at 2 Factor authentication.  Many websites are starting to implement this to increase security for their users by making it difficult for someone with just a password to access your account.

What is 2 Factor Authentication?

The concept behind 2 factor authentication is that you basically have 2 passwords: Your normal password, and a separately generated password that is given to you each time you log on, or an item that you must use to access your information.  You may be most familiar with 2 factor authentication in the corporate world using secure login tokens.  When a company needs you to log into their secure computer system, you will have to enter your password, as well as a code generated in the token key.  Typically these systems have been reserved for businesses who can afford the high security, but now it is being made available to average users through different means.

For portals like Gmail, Google has introduced 2 factor authentication using text messages sent to your smartphone.  When you activate it and log on, a text message with a 6 digit code is sent via SMS to your mobile phone.  You then enter that number into the next screen after your password and then you are let in.  The obvious benefit to this is that even if someone gets your password, they won’t be able to access your email unless they can also intercept that text message.

Twitter as well has added additional verification as a security feature to your Twitter account.  Twitter has both SMS verification as well as a feature built into the Twitter app for Android and iOS phones which requires you to have your smartphone when you log into Twitter.  This ensures that anyone wishing to access your account will need both your password and your smartphone to get in.  More information on Twitter's additional verification features can be found on their Support page.

PayPal has its own version of 2 factor authentication which includes either SMS or a digital token.  When you log on to your enabled PayPal account, you will be asked for a second step.  You can either have an SMS message sent to your phone, or you can get one of their authentication tokens.  They use a credit card sized token that generates a new passcode every time you press the button on the card.  It costs a few dollars to get the card, but it's good security if you don’t want to use the SMS feature.

If you are concerned about access to a particular site, you can look in their help sections to see if they provide additional sign in options that will give you the extra security you need.

Tech Tip: Use a Password manager to keep track of all those different logins

#TechTip Use a password manager to record all logins and have 1 master password to access it.

As we continue on with our theme this week of password safety, let's talk about how to keep track of all those passwords.

Previously, we discussed how many passwords you need.  As stated, it's strongly suggested you have a different password for each online portal you access.  The reason of course being if one of your passwords is compromised, it won’t affect all of your online platforms.  Changing one password isn’t too bad;  changing 50 or 100 would be torture!

So with so many logins and passwords, how do you keep track of them all?

I strongly recommend getting some password management software.  Yes you could always go for the good ol’ notebook with everything written down, but what happens if you lose that book?  You can also keep track of them in a document or spreadsheet file.  They would be backed up, but not necessarily secure.  Unless the file is encrypted or password protected, then it is vulnerable to prying eyes.  Even if you do have an electronic document that is encrypted, searching through many logins could be arduous to find that one login you need.

There are a number of great programs available to help you manage your passwords. Let's take a quick look at some of them.

KeePass

KeePass screenshot

Personally I am a fan of KeePass Password safe.  It is a program that requires a password to open it up and houses a database of all the logins, passwords and site URLs for the web portals you visit.  It stores lots of information, and allows you to generate a random password based on the criteria you ask of it.  So if you are having trouble thinking up random gibberish for your passwords, let this program take care of it for you.

You can sort your password into categories, such as for home, work passwords or online stores to help keep things organized.  If you have lots of passwords, there is also a search feature which will let you find your login credentials easily.

This is also one of the few programs that works on most platforms available.  It is free and Open Source, and there are versions that work on Windows, Mac, Linux, Android, iPhone/iPad, Blackberry and Windows Phone 7, as well as a portable version designed for USB drives.  They may have slightly different names for the different versions because each version is created a little differently to work with the Operating System it is designed for, and some are compatible with slightly different versions of the database, so do a little research with this one depending on what platform you have.

LastPass

Another popular program for managing your passwords is LastPass.  There is both a free version as well as a premium version which includes a mobile component.

Where KeePass is solely a single database of your passwords, LastPass also integrates with an online portion that manages and syncs up your passwords.  The database may be synced online, but the password key to unlocking it is always stored locally so there is little to no risk of having it hacked online in the cloud. It shares similar traits to KeePass, but can also track the sites you visit so it can auto populate logins and passwords where needed.

LastPass has gone to great lengths to have it work on as many browsers and operating systems as possible so you can be comfortable using it on multiple devices, even if they are different technology.  The premium cost is around $1/month.

Ironkey

We will go into more depth on the Ironkey in a future blog post.  For those that know, I am a fan of the Ironkey for its security, but it also has a password manager built into it.  Like LastPass it can detect what site you are visiting and auto populate the login and password info you need.  It also has a virtual keyboard that can pop up so you can enter passwords using your mouse, thus preventing any key logger malware from detecting your passwords.  The Ironkey solution will be talked about more soon, so stay tuned for that.

Now you know a little more about how to keep your logins secure, and keep your passwords safe.  While it may take a while to go through and adjust all your passwords and log the entries into your password database, doing it once and only once is a savings over having to worry about doing it every time your one and only password for everything is compromised.

Check out our blog again soon for more tips on security online and password protection.

Tech Tip: Use different passwords for all your online portals

#TechTip: use a different password for each online portal. It will limit your exposure if 1 password is compromised

Today’s Tech Tip blog continues on our theme from yesterday.  Passwords are making it back in the news after last week's announcement that close to 2 million passwords were stolen from major web portals.  Yesterday we talked about what you should include in your password.  Today we cover how many passwords you need.

The short answer:  Lots!

Yes, it is easy to have 1 password that you use on everything.  Makes it easy to log into sites you don’t normally access and keeps everything nice and clean.  However, having more sites with the same password means you are opening yourself up to a greater level of exposure.  It is important, especially on popular sites like Gmail, Facebook and Twitter (basically all high profile social media sites) to maintain different passwords for each site.

If you are afraid of remembering all your passwords, you can alter each password by only a few digits and make sure you can figure out which password is for each site.  Even better is a completely different, random password for each site.

How do I remember all my passwords if you need me to have dozens or hundreds of different passwords?

That is the topic for our next blog post on password management.  Stay tuned.

Tech Tip: Change your passwords to ensure security

#TechTip: Change your passwords often. Don’t use words found in a dictionary or easy number combinations.

Last week, news broke of a major password breach on a number of major social media websites.  Close to 2 million passwords were accessed from sites like Gmail, Facebook and Twitter.  The security breach means if your password was compromised, you may be susceptible to attack from other hackers.

It is strongly advised that you change your passwords.  Even if you don’t think you were affected, it's always good to change your passwords now and then for security.  This week, we are going to bring a series of tips and blogs on why security for your password is important and offer tips on what to do.

First for this week, let's talk about the actual password you use.  Do not use names, dates, or any word that can be found in a dictionary.  Even words that are linked together can be cracked.  If it's found in a dictionary, it can be cracked.  It is strongly suggested that passwords contain the following elements:

  • Upper Case letters
  • Lower Case letters
  • Numbers
  • Punctuation
  • 8 or more characters

If you include these in your password, and they are not based on any dictionary words, chances are it's a secure password.  Having said that, almost any password can be hacked by a skilled hacker.  The point is not to make an uncrackable code, but to create a code that would require so much effort for a potential hacker to crack that it wouldn’t be worth their time or resources to try.
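The checklist above turned into a checker, as an added example that is not part of the original post. It tests the five listed elements and also catches dictionary words that are linked together, even with digits or punctuation mixed in. The word list is a small constructed sample and the function names are assumptions.

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
WORDS = {"pass", "word", "password", "sun", "shine", "sunshine", "blue",
         "monkey", "dragon", "letme", "in", "summer", "love"}


def is_linked_words(text, words=WORDS):
    """True if `text` is one dictionary word or several joined together."""
    text = text.lower()
    # reachable[i] is True when text[:i] splits cleanly into dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(reachable[start] and text[start:end] in words
                             for start in range(end))
    return len(text) > 0 and reachable[-1]


def check_password(password, words=WORDS):
    """Return the list of the article's rules that `password` breaks."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no upper case letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lower case letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    # Drop digits and punctuation so "Sunshine1!" is still seen as a word.
    letters = "".join(c for c in password if c.isalpha())
    if is_linked_words(letters, words):
        problems.append("built from dictionary words")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Sunshine1!", "BlueMonkey7?", "tR7#qVz2!mKp"):
        print(candidate, "->", check_password(candidate) or "passes the checklist")
```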

Even with good strong passwords that can’t be easily cracked, it's still suggested you change your passwords often.  Your login credentials for the sites you visit are usually kept in a database somewhere.  It's those databases that hackers tend to be attracted to.  If they manage to get in and steal a file containing many passwords, then all the complexity in the world won’t help you.  Simply changing your password will avoid any issues.