How to Avoid Being Hacked, Part 2 – Two-Factor Authentication

by | Aug 6, 2017 | Uncategorized | 4 comments

Multi-factor authentication (MFA) makes it much harder for a hacker to get access to your online stuff, and the most common form of consumer MFA is two-factor authentication (2FA). A very common form of 2FA is the debit card. One factor is the card itself, which contains magnetic identifying info (these days, a chip), and a PIN that you provide when you stick the thing in an ATM machine. It’s simple and fairly good at keeping others out of your ATM-accessible cash. 2FA is important for your online accounts, such as email and your iCloud accounts.

While I admit it can be a bit of a pain to have to do something additional to get into your account, it’s far less of a pain than having one’s identity stolen, losing access to your email, or answering to your friends who wonder why you have said such crazy things about them (unless, of course, you actually said those crazy things!). Or, heaven forfend, someone logging in as you on one of your gaming accounts.

Here’s how 2FA or two-step authentication works for a couple of different online account types. (Note, these services change things up from time to time, so it’s good to keep abreast of such changes.)

Setting up Google 2-Step verification

First you log in with user name and password (we’ll get to choosing smart passwords in Part 3) to your Gmail account. There should be an avatar in a circle near the upper-left hand corner of the window. Maybe it’s even a photo of you. Click on it and you’ll see “My Account.” (Incidentally, this changes every couple of years) On the new window that opens up, click on “Sign-in & security.” Click on “2-Step Verification,” then on “Get Started.” Time to enter your username and password again. Enter a phone number and click on whether you want to receive a text or a phone call. Then you magically get a text or phone call with a 6-digit verification code. Type it in and select the option to turn on 2-step verification. It’s that easy. Okay, it’s several steps, but not that hard.

It may be that you prefer to collect your Gmail with some other app, like Outlook, rather than using a browser to go to the Gmail page for your mail. If so, it may be that once you’ve turned on two-step verification, your Outlook (or other app) keeps telling you that you have the wrong password, even though you know darn well it’s right. This has happened to me. You probably need to have Google give you a specific app password that Google will generate for you. You’ll need to go to the App passwords page, which at the time of this writing is at https://security.google.com/settings/security/apppasswords.

Select the app you want it for (if Outlook, then you would select “Mail”), then the device you are using (Google magically presents a list of the devices you use with their services). Then select “Generate.” It will show you a 16-digit number in a yellow bar for you to use as your new password for that app (Outlook, eg) on that device (don’t enter the spaces). You can save that password in your app and you may need that number again in the future.

Yahoo!

Yahoo! is similar: sign into your account, go to the account security page, click on “two-step verification,” and toggle the button there to turn it on. Select an option to get a text or a phone call for verification. Enter the code that comes to you via text or phone call. At this point, you can create an app password, similar to the Google process above for your various apps like Outlook or Apple (iOS) Mail.

iCloud

Now, let’s set up 2FA on your iCloud account. First, you have to have a passcode set on your iPhone or iPad.

Click on the Settings app. If your device uses iOS 10.3.3, click on your name (or the name of the account you use to sign on), then on “Passwords & Security.” Did I mention that this will change as Apple keeps us on our toes by changing everything up once we’ve gotten comfortable with the previous version? In the most recent previous version, you would have clicked on Settings, and then on iCloud, then your name, then Password & Security. But I digress…

Now tap “Turn on two-factor authentication.” Be prepared to answer some security questions – which we’ll be discussing in a future article – and then enter the phone number where you want to receive the code for 2FA, and as previously, select whether you want a phone call or a text.

Macintosh

For a Mac, open System Preferences, and select iCloud, and then “Account Details.” You might have to login using your Apple credentials. As above, answer your security questions if it asks, enter the phone number where you want to receive calls or texts for verification. Once again, a magical robot instantly sends you the code and you have to enter that into the field that awaits your answer.

Once it’s turned on, you’ll get a message asking for approval if an unknown device or location signs onto your account. Note that on a Mac, that notification can sometimes be on a window that is hidden behind another, so look for that if you find you’re having troubles with getting the approval request.

Speaking of troubles, it seems like a lot of work to have two-factor authentication, but once it’s set up, it’s not too much of a pain and will add considerable safety to your accounts, as well as considerable barriers to potential hackers. So do it!

Next time, we’ll discuss passwords, passcodes, and why you shouldn’t fill out those fun questionnaires that all of your friends send you.

Related Posts

CSI Cases from Burgess Forensics #69 A Case of Hiphop Beef

The Stories are true; the names and places have been changed to protect the potentially guilty. It was almost closing time on Friday and my thoughts were turning to Barbequeing some of that mouth-watering Santa Maria tri-tip while my nose was turned to the scent of...

Email as a signed contract vs. fraudulent emails

Email as a signed contract vs. fraudulent emails We all send and receive email, but did you know that what you say in an email can be interpreted as a legal contract? And that sometimes, emails are fraudulent? Both are true. The Statute of Frauds Although email didn’t...

El Salvador Adopts BitCoin

El Salvador Adopts BitCoin copyright Steve Burgess, 2021 El Salvador just passed a law to make BitCoin (BTC) legal tender and is the first country to do so. It did something similar back in 2001, when it made the US Dollar the official currency, replacing the...

Keeping Your Bitcoin Safe

BitCoin. Everybody wants some. But what’s the best way to keep it safe once you’ve got it? And how to get it? First things first – you get BitCoin (and Etherium, and DogeCoin) from a cryptocurrency exchange, like you would from a “regular” currency exchange to turn...

Cyberbullying and Covid-19: 2021 Update

California defines a cyberbully as anyone who sends any online communication to deliberately frighten, embarrass, harass, or otherwise target another. The Cyberbullying Research Center defines it as “willful and repeated harm inflicted through the use of computers,...

Cybersecurity & Covid-19: Vulnerability and What to Do About It

Cybersecurity & Covid-19: Vulnerability and What to Do About It Steve Burgess, 2020 As if we didn’t have enough to worry about. With so many of us working from home (close to 90% of American corporations are encouraging or requiring employees to do so) and having...

Indian Summer Lovin’ – Tech Tips For a Warm Autumn

by Natalie Miller, 2019 With Indian Summer temperatures rising, here are some tips to help you make sure your devices are ready to conquer these warm days of Fall like you are. Check Those Pockets! Taking a dip in the pool, going for a paddle in a kayak, and jumping...

Electronic Waste and Recycling – What Your Old Devices Can Say About You

by Natalie Miller, 2019 With new models of phones and computers being released every year, wanting the latest and greatest is never a bad thing, but what about your old devices? The truth is that old devices can still hold all of the data you put on them or that they...

The Case of The Client Who Wanted … to be Wanted

The Case of The Client Who Wanted … to be Wanted copyright Steve Burgess, 2018 It was nearly Christmas, but the morning sun was pouring in through the windows of my Central Coast office, casting shoe-shaped shadows on the West side of my desk. Perhaps I should have...

Burgess Forensics Newsletter Vol. 5 Issue 1: FitBit Fun Forensics & Foes 08.08.2018

  Fitbit, Fun, Forensics, and Foes Have you tracked your 10,000 steps today? Has anyone else tracked them? Fitness trackers are big business, helping people get and stay fit, and helping them share their progress with friends – and sometimes with strangers. The...

Pin It on Pinterest

Share This