Don’t Touch My Stuff

Burned Computer Keys
Try and touch my computer now.

 

North Korea hacks Sony. The iCloud hack. The Snapchat leak. Stolen Dropbox passwords. I don’t think there has been a single week in the past three months where I haven’t heard of a group of hackers stealing private files just because they can. The big celebrity leaks make the news, but hundreds of thousands of regular people have also had their stuff stolen, perused or violated. And that’s not okay. Sure, nobody is looking (or will find) pictures of me naked, or find a super secret list of nuclear launch codes. But how about my classwork? Drafts of things I’m working on? Client files and contracts, or copies of my tax records? Because I back all of those up online, in the cloud. I’m writing this article in the cloud, where it will eventually be hosted online. So how do you make sure that only you can access your stuff? It gets…complicated.

Part of the reason only I can access my stuff is something called “Two Factor Authentication.” It’s a fancy way of saying you have to prove your identity every time you try and get access to your files. It’s actually becoming more common (especially because of the hacks), but it’s been around for a little bit, and most of your favorite websites and services use it now.

But how do you prove who you are every time you want to log into Facebook? How about your cellphone? Because your cellphone is usually on you, it can act as a secondary source of identity. Either an app or text message, you get a code every time someone attempts to access your accounts. Facebook, Dropbox, Gmail, Twitter…the list of sites that have enabled Dual Authentication is growing constantly, and you should be using it. In fact, here’s a list of those currently supporting it:

http://twofactorauth.org

Notice that list also includes some bank accounts? That almost should be your first priority, though I won’t judge you if you setup your Facebook account first.

Money on Computer Screen
This is how online banking works, right?

How do you set it up? Well, each site has it’s own way. That I can’t help you with, but most sites should at least let you set up a text message system, that will text you a code to enter before you can join. But because the system is becoming more and more widespread, there is an app for that. Depending on your phone or system, something called Google Authenticator will allow you to use one app to access a rolling code generator that’s easy to setup and access.

http://code.google.com/p/google-authenticator/

So next time you hear about some massive hack or identity theft ring going around, you will be protected because you locked down your accounts, right?

—-

Have a tech question, or think I should cover a topic, app, or website? Want me to answer a question about this topic? Comment or contact me with your ideas!