Pro­tect­ing your ac­counts on­line keeps get­ting easier

The Fresno Bee (Sunday) - - Obituaries - BY BRIAN X. CHEN

When Face­book revealed last week that it had stored mil­lions of peo­ple’s ac­count pass­words in an in­se­cure for­mat, it un­der­lined the im­por­tance of a se­cu­rity set­ting that many of us ne­glect to use: two-fac­tor au­then­ti­ca­tion.

That might sound like a mouth­ful, but it has be­come essential for our dig­i­tal pro­tec­tion. What it stands for is ba­si­cally two steps to ver­ify that you are who you say you are, so that even if a pass­word falls into the hands of the wrong peo­ple, they can­not pre­tend to be you.

Here’s how two-fac­tor au­then­ti­ca­tion has gen­er­ally worked: Say, for in­stance, you en­ter your user name and pass­word to get into your on­line bank ac­count. That’s step one. The bank then sends a text mes­sage to your phone with a tem­po­rary code that must be punched in be­fore the site lets you log in. That’s step two. In this way, you prove your iden­tity by hav­ing ac­cess to your phone and that code.

Sounds sim­ple and safer, right? Yet barely any­one uses it. Ac­cord­ing to Google, fewer than 10 per­cent of its users have signed up for two-fac­tor au­then­ti­ca­tion to pro­tect their Google ac­counts for ser­vices in­clud­ing email, photos and cal­en­dars.

“It’s re­ally, re­ally hard to get a user to sign up,” said Guemmy Kim, Google’s head of ac­count se­cu­rity. “It sounds cum­ber­some.”

In re­al­ity, it isn’t that com­pli­cated. And in re­cent years, the tech­nique has evolved to be­come more se­cure and, in some cases, even easier to use.

That’s be­cause in ad­di­tion to re­ceiv­ing text mes­sages, you can now log in by us­ing codes shown in an app, by plug­ging in a phys­i­cal se­cu­rity key or by set­ting up your phone to re­ceive a no­ti­fi­ca­tion and hit­ting a but­ton. More on that be­low.

Us­ing just one or two of th­ese meth­ods will go a long way to­ward pre­vent­ing an in­ap­pro­pri­ate per­son, like a jealous ex or a hacker, from get­ting ac­cess to your ac­count. So here’s a guide to four ways of set­ting up twofac­tor au­then­ti­ca­tion on some of the most pop­u­lar sites – and the pros and cons of each method. Se­cur­ing Your In­sta­gram Ac­count With Text-Mes­saged Codes: Let’s start by set­ting up your In­sta­gram ac­count with tra­di­tional two-fac­tor au­then­ti­ca­tion us­ing text mes­sages. This is the most com­mon ver­i­fi­ca­tion tech­nique across apps and web­sites, though it has some of the big­gest vul­ner­a­bil­i­ties.

Here’s what to do:

In­side your In­sta­gram app, open set­tings, then tap pri­vacy and se­cu­rity and se­lect two-fac­tor au­then­ti­ca­tion.

En­ter your phone num­ber. You will re­ceive a text mes­sage con­tain­ing a six-digit code. En­ter the code.

From now on, when­ever you log in to your In­sta­gram ac­count, you will re­ceive a text mes­sage con­tain­ing a tem­po­rary code. This must be en­tered be­fore you log in.

Pros:This method is su­per easy: You do not need to in­stall any ad­di­tional apps on your phone to re­ceive texts. And if you lose your de­vice or switch to a new phone, you can still re­ceive your lo­gin codes as long as you have the same phone num­ber.

Cons:Phone num­bers and text mes­sages are sus­cep­ti­ble to phish­ing or hi­jack­ing by hack­ers (though this is un­likely to hap­pen un­less you are a high-pro­file tar­get such as a well-known ac­tivist). If you travel abroad, re­ceiv­ing text mes­sages on a for­eign car­rier can be pricey. And there are se­cu­rity risks in re­ceiv­ing texts on for­eign net­works in coun­tries with heavy sur­veil­lance such as China and Rus­sia.

Set­ting Up an App to Authen­ti­cate Your Face­book Ac­count: An­other way to start two-fac­tor au­then­ti­ca­tion is to re­ceive a tem­po­rary code via a au­then­ti­ca­tor app. For this ex­am­ple, let’s pro­tect your Face­book ac­count with such an app. Here’s how it works:

On your phone, open your app store and down­load a free au­then­ti­ca­tor app, like Google Au­then­ti­ca­tor or Authy.

Then on Face­book’s web­site, go to your se­cu­rity and lo­gin set­tings. Click “use two-fac­tor au­then­ti­ca­tion,” then “get started.” Af­ter re-en­ter­ing your pass­word, choose au­then­ti­ca­tion app as your se­cu­rity method. From here, fol­low the onscreen in­struc­tions.

From now on, when­ever you log in to Face­book, you can open the au­then­ti­ca­tor app and look at the tem­po­rary six-digit code gen­er­ated for your Face­book ac­count. You must en­ter this code be­fore be­ing able to log in.

Pros:You do not need an in­ter­net or a cell­phone con­nec­tion to re­ceive a code via an au­then­ti­ca­tion app. Most im­por­tant, a hi­jacker can’t eas­ily steal your codes from an au­then­ti­ca­tor app.

Cons: If you lose your phone or switch to a new one, you have to re­gain ac­cess to your ac­count through a re­cov­ery method such as en­ter­ing a backup code or ask­ing the app provider to re­set your ac­count. That can be time con­sum­ing.

Set­ting up Google Prompt on Google Mail: Google Prompt is a relatively new au­then­ti­ca­tion fea­ture for se­cur­ing Google ac­counts. In­stead of re­ceiv­ing a text mes­sage with a code, you re­ceive a no­ti­fi­ca­tion through a Google app ask­ing whether the per­son try­ing to sign in is you. Hit­ting “Yes” logs you in. Here are the steps:

On Gmail.com, go to your ac­count set­tings and click “se­cu­rity.” Click 2-Step Ver­i­fi­ca­tion, and then click Add Google Prompt.

Click Get Started and se­lect your smart­phone.

On your phone, open the Google or Gmail app. Google will show a de­vice try­ing to log in to your ac­count. Tap Yes on the prompt.

From now on, when­ever you log in to your Gmail ac­count, the Gmail or Google app will ask whether the per­son seek­ing ac­cess is you. Hit­ting Yes will log you in.

Pros: It’s easy. Re­ceiv­ing a no­ti­fi­ca­tion re­quires only an in­ter­net con­nec­tion. Se­lect­ing Yes is faster than typ­ing in a code.

Cons: Not all apps and sites have a prompt-based ver­i­fi­ca­tion method, mean­ing your bank­ing site, for ex­am­ple, may still text you a tem­po­rary code. If your in­ter­net con­nec­tion is spotty, you may also have a dif­fi­cult time re­ceiv­ing the prompt. Se­cur­ing Your Twit­ter Ac­count With a Phys­i­cal Key: Last, let’s go over the most phys­i­cal two-fac­tor au­then­ti­ca­tion method, which in­volves plug­ging in a key. Google was one of the first to in­tro­duce a se­cu­rity key pro­gram in 2017, and many web­sites, in­clud­ing Twit­ter and Face­book, have since adopted the method.

Here’s how to se­cure a Twit­ter ac­count with a se­cu­rity key:

Buy a se­cu­rity key, such as Google’s $50 Ti­tan se­cu­rity key bundle.

On Twit­ter’s web­site, go to your ac­count set­tings and click “Set up lo­gin ver­i­fi­ca­tion.” En­ter your phone num­ber, and then punch in the code you re­ceive via text mes­sage.

In “Se­cu­rity key,” click set up. In­sert the se­cu­rity key into a USB port, and press the but­ton on the key. Press the but­ton again to ver­ify the key.

The next time you log in to Twit­ter, click “Choose dif­fer­ent ver­i­fi­ca­tion method” and se­lect “Use your se­cu­rity key.” Af­ter plug­ging the key into your com­puter, you will be able to log in.

Pros: For peo­ple who are ex­tra para­noid about be­ing phished or hacked, this is one of the most se­cure au­then­ti­ca­tion meth­ods be­cause phys­i­cal ac­cess to your key is re­quired for log­ging in.

Cons: The keys cost money. What’s more, some sites re­quire you to in­sert the key ev­ery time, so if you for­get to carry your key, log­ging in with a backup method can be com­pli­cated. And not all web browsers sup­port log­ging in with se­cu­rity keys.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.