- homepage
- search engine
- cookies
- and disables the extensions
InfoSec
Enable 2-factor authentication for Google services
InfoSecRelated Article:
How to enable 2-factor authentication for Google
Sign into your Google account
Click the arrow next to your name
Choose Account
Select Security
Click settings listed under 2-step verification
You have to start the setup process. You are then asked to supply a telephone number where an authentication code will be sent when you login from an “untrusted computer or device”. A code then arrived that you have to enter when Google login detects something strange.
You are then asked to login and test the code. When you login, you will be asked whether you trust the device you are loging in from.
The other option on 2-factor authentication page is the IOS or Android Google authenticator application which generates a new unique login code every 60 seconds. You download the app from your app store, then chose the Google Authenticator option on the 2-factor settings page, you scan the barcode generated on the setup webpage and then test the generated code.
Personally I use the Google authenticator option and have the app on my phone (iphone) and my tablet (nexus 7). If you intend to use the Google Authenticator on multiple devices, download the app on all of your devices at the same time and scan the generated barcode on both devices at the same time. The same unique codes will then be generated on both devices.
How to secure your online accounts
InfoSecWhat is 2-factor authentication?
One of the most common ways to hijack your online accounts is to steal your passwords. The way to prevent this type of issue is to use a technique called 2-factor authentication. The 2 factors are:
- Something you know : your password which is still used
- Something you have : a one-time use password that is generated on demand that proves you are in possession of something physical.
You use 2-factor authentication everytime you use your bank’s automated banking machine. You go to their machine, you insert your card (something you have) and then enter your pin (something you know).
Many of today’s most popular services allow you to add this additional level of security to your account such as Dropbox, Google, Lastpass, Paypal, Facebook, Yahoo, etc.
Detractors
Some detractors complain that you need to use a physical device (phone, USB key, token, etc) that can be lost and then causes issues when you try to login.
Their second complaint is about services that email your unique one-time login code to your phone, because they complaint that you have to hand-over your personal phone number to a third party.
My views
I believe more security is better and use 2-factor authentication when available and recommend you do the same. It is an extra step but how much is extra security worth?
Saudi Aramco Twitter account hacked
InfoSecDue to recent attacks again Twitter and high profile Twitter users, Twitter has started implementing new security measured. Now we learn that the official account of Saudi Aramco (the world’s largest oil producer) was hacked by “Mister Rero”.
Saudi Aramco is no stranger to infosec issues and had 30,000 workstations hacked last year. Don’t forget other twitter accounts were also recently hacked from Burger King, Jeep, etc.
Evernote will implement 2 factor authentication
InfoSecA couple of days ago, I wrote about Evernote being hacked and the fact that it is the new reality for cloud services.
Now we learn that Evernote intends to implement 2 factor authentication. In case you were not aware, Evernote was hacked and it forced its 50 million users to reset their passwords. According to InformationWeek, they will offer some kind of 2 factor authentication for all of their users before the end of the year.