Taking your web security to the next level
In August, Mat Honan, someone whom I consider to be one of the leading voices in technology journalism, had his entire life turned upside down. Hackers found their way into his Google account, which they used to reset his passwords on services like Twitter and Facebook. Worst of all, they reset the password to his iCloud account, and remotely wiped his iPhone, iPad and MacBook. Honan’s story isn’t typical, but it is a necessary reminder of just how important it is to secure your life online.
As I’ve mentioned in previous columns about security, you are often the weakest link in your security chain. (I know from personal experience.) But even when you have made absolutely certain to avoid giving out your login credentials to a phisher, hackers can still get into your account. Over the past few years, there have been several high-profile incidents of major digital institutions having their entire password databases stolen and then spilled onto the Internet for all to see. Sometimes, you just draw the short straw when it comes to digital security.
Ultimately, aside from completely avoiding the Internet, it’s impossible to completely secure your digital life from those who would try to do you harm. But that doesn’t mean you should give up hope. Often, hackers are willing to settle for the easiest prey, and so by adding extra lines of defense to the services you use, it’s possible for you to save yourself a lot of grief in the future.
What follows is a quick guide to adding security to key parts of your digital life:
Google Accounts: Google allows what’s known as two-factor authentication to better lock down your account. The name two-factor authentication comes from requiring a code from a second source in addition to your password. In Google’s case, you can choose to have the code sent to you via text message, or if you have a smartphone, you can install the Google Authenticator app. Two-factor authentication makes it significantly harder to break into your account, because if an attacker doesn’t have access to your phone, they can’t access the account. To set up two-factor authentication on your account, go to your Google Account settings (google.com/settings/account), then click on the “Security” tab, and then click “edit” next to Two-Step Verification.
Unfortunately, your Google account through Whitman College does not currently support two-factor authentication, but according to Mike Osterman, Whitman’s IT Security Officer, Whitman College Technology Services is “looking into two-factor authentication,” though there are still currently several obstacles to implementing it.
Facebook: Facebook has a number of available security options. You can choose to enable two-factor authentication, but unlike Google, Facebook will only send you an authentication code via text message. So, if you’re short on text messages, you can choose to only be notified by email when someone new logs in to your Facebook account. Granted, someone malicious might be able to already do damage to your Timeline by the time you get the email notifying you that they logged in, but any notification in this case is better than none. To access your Facebook security settings, go to your account settings (there’s a drop-down menu in the upper-right corner) and click on the security tab. The settings you want to look at are Login Notifications and Login Approvals.
If you use other services that aren’t covered here, don’t fret. A simple search with the name of the service and “two-factor authentication” should turn up relevant results.
Filed under: Opinion