Many people are nervous nowadays about hackers. Slate.com ran a story recently discussing Matt Honan’s, a writer for Wired Magazine, experiences with being hacked. In August, Honan’s Apple account was hacked, and all of the information on his iPhone, iPad, and Macbook was wiped out. Furthermore, the hacker deleted his Google account and hijacked his Twitter account, employing it to post racist and obscene remarks. One thing this story puts into sharp focus is the fact that everyone can get hacked.
There is some good news though. There are some steps people can take to prevent the fate that Honan suffered. They are able to employ two-factor authentication.
Two-factor authentication is a way to protect your accounts by requiring you to type in a code after you enter the password for your accounts. This could seem excessive, but if you only have one password protecting your accounts, this is not enough to deter hackers today. Two-factor authentication can be the difference between your accounts being hacked and keeping your accounts protected.
How Google's works
Google has enabled two-factor authentication for all of its accounts. It’s very easy to use. If you own a smartphone, simply download the app. Then when you log into your accounts you’ll type your password together with the password Google has supplied you with.
If you don’t own a smartphone, you can still use Google’s two-factor authentication system. You can just wait for Google to send you a text or voicemail message that contains the code you need to complete the logon process.
Multi-factor authentication is the generic term for requiring additional information besides just a password. These factors add security by adding requirements in addition to just a password that can get compromised.
This password factor is referred to as "something you know". The other two factors are something you have (like an ATM card) and something you are (like a fingerprint).
Business networks have used multi-factor authentication for years. Remote Authentication Dial In User Service (RADIUS) servers prompt against your Active Directory so wireless or VPN users are checked before allowing them in. This additional check can prevent a lost laptop or fired employee from getting back into your network.
Bet you didn't realize you were using multi-factor authentication already. Some examples include
- ATM card and pin number
- Credit card and card security code
- Fingerprint scanner on laptop and password
- Photo ID and driver's license number
Google's not widely used
While this is a good way to protect your Google accounts, not a lot of people are using it since it can be a bit of a hassle. People don’t want an extra step when logging into their personal accounts. But neither do hackers. So if you had to make the choice between being hacked or coping with an extra step, you will most likely choose to take that extra step to protect yourself. There is usually an inverse relationship between security and usability, in that the more security measures you employ, the more complexity for users.