Losing control of accounts: Inconvenient to extremely painful
There have been multiple public accounts of people losing access to their accounts through hijacking. I’ve also known people personally who have had personal email accounts hijacked. Each time it’s at best inconvenient, at worst, an extremely painful lesson in security and backing up.
If you’re lucky, all that happens is the attacker sends some spam from your account. However, all too often, the attacker will delete contacts, old emails, and even attempt to get into other online accounts through password recovery systems. They’ll change account recovery information to make it harder for you yourself to regain control. Sometimes they’ll change other settings in your account to make it easier for them to get back in.
If you enable multifactor authentication, which also goes by names like “two-step verification”, everywhere you can, you make it significantly harder for an attacker to take over your account. It’s a great way to secure your accounts.
Setting up multifactor authentication for multiple services
Install an authenticator app on your smartphone
If you have iOS, Android, or Blackberry, you can install Google Authenticator. If you have Windows Phone 7, you can install Authenticator. If you have another type of phone, you can have many of the services discussed below text you codes.
Facebook, Google, and Microsoft
Facebook, Google (including Gmail), and Microsoft (Hotmail, Outlook.com, Xbox LIVE, etc.) are relatively convenient to set up. PCWorld has an excellent article with step-by-step instructions for setting up multifactor authentication with each.
I recommend following the article’s instructions for setting up Facebook to use an authenticating app other than the Facebook app itself; I find it more convenient to generate codes in as few places as possible. You’ll find those instructions in the paragraph that begins, “Simply start the Code Generator setup process …”
Dropbox
Follow the Dropbox instructions. The section called “Use a mobile app” contains instructions specific to several authenticator apps.
LastPass
Follow the LastPass instructions for Google Authenticator. The instructions are specific to Google Authenticator, but you may have success trying another kind of authenticator app.
They also have a variety of other options for multifactor authentication. Be careful with that link – pressing any key tends to change what’s displayed, and you may have to refresh the page.
Apple
Follow Apple’s instructions. They send the code to your device using SMS.
Yahoo!
Follow Yahoo’s instructions. They send the code to your device using SMS.
Problems with multifactor authentication
One problem with multifactor authentication is that whenever you attempt to log in from a new device, you’ll likely have to enter in the extra code. That can be somewhat tedious, especially when you need to log into a number of apps at once (such as when you are setting up a new phone).
Another problem is with apps that use an account on one of the services but doesn’t support multifactor authentication. For example, if you want to configure the iOS Mail and Calendar apps to access Gmail and Google Calendar, you’ll have to create an application-specific password. These get around the multifactor authentication hurdle by automatically generating passwords you type in once and never remember. If one of these is stolen, your account could still be somewhat compromised, but services make it difficult or impossible to access various portions of your account with these types of passwords. You can revoke these application-specific passwords at any time.
Related note: Handling many passwords
The vast majority of sites do not offer multifactor authentication, and the sheer number of passwords you may need to remember can be staggering. However, this is no excuse for reusing passwords on multiple sites. It’s only a matter of time before it creates a major headache for you.
If you use, say, “MyPassword123!” (a terrible password that can be easily guessed using modern password-cracking software) on Site1, Site2, and Site3, all it takes is for one of those sites to be hacked, and you could be in trouble. Your accounts on all three sites could be compromised.
If you need to come up with a password that must have a number in it, don’t just append a number at the end. The same goes for symbols – lots of people just add a number and punctuation to the end of their password and call it a day. (I’m guilty of this myself. At a previous job, I simply incremented the number at the end of my password when I was required to change it. Shameful.)
You can come up with new ways of devising passwords. Using concatenated words, abbreviations of uncommon phrases, intentionally misspelling things, etc. can all be used to increase the effectiveness of your passwords.
Consider using something like LastPass (with Google Authenticator enabled, of course). Such services can store your passwords for you in an encrypted form they themselves can’t access.
Edit 2013/04/29: Updating your account recovery information
Web sites have a variety of options for recovering access to an account. Be sure to update this information for at least the most important sites (email, social, banking, etc.) so if you ever have issues, you can get access to your accounts back.
However, on the casinos’ half, it’s a way to get more players to sport on their web site, making it a win-win situation for each the on line casino and 더킹카지노 the customers. You should check in to an online on line casino that accepts players in India to get on line casino bonuses. Upon signup, there are several of} bonuses find a way to|you probably can} declare, which might usually differ relying on the on line casino. Above, you'll find the most important sign-up on line casino bonuses obtainable to Indian players and a few free spins promotions. It doesn’t both keep in mind things like expiry time. How long time time} you need to|you must} clear the wagering necessities of that specific signup bonus or deposit bonus.
ReplyDeleteEach participant is responsible for the right positioning of their wager on the format regardless of whether or not the wager is placed by the dealer. A a perpetual motion machine is a machine that continues 배당사이트 to function with out drawing vitality from an exterior supply. The legal guidelines of physics say it's impossible, however being an inventor, Pascal was making an attempt to defy the percentages.
ReplyDelete