Wednesday, December 04, 2013

two factor authentication for fb, gmail and a reminder

Last week someone tried to reset my facebook password.  Twice.
It was not I,  but I got the email with the reset link.   Both times.

So I looked into how to protect the account.

Today's news http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/index.html?section=money_news_international  tells me it's time to share some ways to protect your fb account.

Facebook#1
The first thing to do is enable "login notifications".  You can read on it here on fb's help pages: http://www.facebook.com/help/162968940433354/ .  What this does is if anyone uses your name and password, to log on to your fb account, you will get an email indicating that this happened, and from which IP address.    If you log in from a computer or location where you have previously logged in, nothing happens (no unnecessary email).     You can see a list of the known locations listed as "Recognized Devices" on that settings page.    In short, logging in from any device other than the ones you already have on the list, will generate a notification email.

Facebook#2
The second thing that can be useful is to enable "Login Approvals".   This requires you to install the fb app on your smartphone, and works as follows:   if your userid and password are used to log in to fb from a device that is not previously recognized, you will be required to enter a number code generated by the fb app on your smartphone, or as a backup, you can either print some one-time use codes or have fb email the code to you.   These codes are short lived and are not useful after a very short time.
See http://www.computerworld.com/s/article/9243428/Protect_your_Facebook_account_from_hackers_with_two_factor_authentication and
http://www.pcworld.com/article/2036252/how-to-set-up-two-factor-authentication-for-facebook-google-microsoft-and-more.html .

Google
For google and related accounts, gmail, drive, youtube, and other related products,  google will send a number code to your smartphone, or backup, or call a voice line before allowing a logon from an unknown browser.   As with fb you can print and carry with you some one-time use codes.  Read and follow directions here:  https://support.google.com/accounts/answer/180744?hl=en .   If you happen to use google to log on to other services (example:  https://developers.google.com/accounts/docs/OpenID), you do need to take additional steps to do that.

Finally a reminder to keep the password to your email as safe as you can.   I made this xtranormal video in April 2012, and the advice is still applicable.  https://www.youtube.com/watch?v=WL6K1B0AyNQ  Enjoy !

No comments: