A story came out a few weeks ago about how this guy basically had his entire online life stolen and his computer and iPhone bricked. It’s a crazy story, but definitely highlights some of the major flaws with storing one’s entire life in the “cloud.” (Some of the security holes have now been “fixed” – if you believe Amazon, anyway. The problem with having human gatekeepers for some of this stuff is that humans are…human. And don’t always follow procedure. But still.)
The story still freaked me out a bit, especially considering that I’ve been getting a lot of “We see you’ve forgotten your password” emails from Facebook recently. Clearly *someone* is attempting to hack me. Random? Maybe. Or maybe not. I’m not anyone special, but as an author I’ve got a tremendous amount tied into these social networks. I start getting hacked and there’s an awful lot to lose.
Now, I have about ten different email accounts. I use different emails and passwords for different things, so that certainly helps. (I don’t have a password keeper program…yet, but so far I’ve been okay.) But having so many accounts tied into each other can be problematic. (I mean – look at how many sites and apps and services let you sign in with your Facebook or Twitter or Gmail account. Convenient, yes…but the potential for security holes is high too.)
So, I’ve started tying down some of my accounts. Facebook now tells me anytime my account is logged into and where it’s logging in from. Plus, now it’s set up so that even if you have my email/password, you still need the authentication password which is sent via text to my phone. Same with Gmail. Same with Dropbox (which uses the Gmail authenticator app as well). I suspect Twitter will be following suit at some point as well. I hope so.
Is it a pain to set up? A bit. Each is a little different, but once you’ve got it set up on the main account, you then have to add any additional trusted devices (phones, iPads, other computers, etc.). But in theory, that’s a one-time deal. And in the long run, peace of mind is worth the time spent. I’m not naive enough to think this will protect everything, but at least it’s better than nothing.
(Unrelated? New Fox & Willow was uploaded yesterday – sorry for the lateness – events conspired against us. 😉 )
Edited to add, since I’m getting questions about how to add these levels of authentication: for Facebook, under your security settings, turn on Login Approvals for the text message authentication, and Login Notifications if you want to know when/where your account is being logged into.
For Google – when you log into your Google Account – check out the 2-step verification settings under security. Keep in mind that you’ll also need to set up the application authorization stuff after that if you access Google or a Gmail account via an app or other device. It’s a one-time deal, though. Easy to do all at once and then you’re done.