Two Factor Authentication – It’s No Longer Optional.

There is an old saying that there are two guarantees in life:  Death and Taxes.  Well, when it comes to personal computing, there are two guarantees as well.  Passwords and password changes.  Yes, if you use a computer, a smartphone, or anything that connects to the internet, you have a username and password as a means of identifying who you are in order to access information.

For many years, the standard has been that your username be unique, as well as your password.  This criteria for many years has been sufficient in guarding your account information at your bank, your social media accounts, everything.  However, this is no longer the case.

Two Factor Authentication (2FA)

What is “two factor authentication?”  Simply put, it is a way of identifying yourself by use of multiple pieces of information.  Without getting into the gory details, it means that you are using something else, in addition to your username and password, to verify your identity.  Many corporations have used this type of technology for years.  However, for consumer users of computers, this is something we are seeing more and more each day.

To give an example, lets say you have a Gmail account.  When you login, you enter your username and password and you press enter to login.  If you have two factor authentication enabled, once you login, you would be presented with a screen asking for an additional code to enter.  That code could come in the form of a text message, or through use of an authentication app.  Once you enter that additional code, you gain access to your account.

At this point, I can already hear you groaning at the idea of having to enter something else to secure your account.  Thoughts like, “That’s annoying!”, or, “I have to enter another piece of information to check my email?”, and finally, “This is stupid!  I’m not going to do it!”, I am quite certain are going through your heads.  However, before you make a hasty decision, consider the following scenario.

Vacation Gone Wrongvacation gone wrong

A husband took his wife and kids on a family vacation to San Francisco.  For this trip, the husband brought his smartphone, and instead of a laptop, he decided to bring his Android tablet.  After a wonderful two weeks in sunny California, they decided to hit up Fisherman’s Wharf for some last minute shopping.  After several hours of walking around, they returned to their vehicle only to find both back windows smashed out.  Several items of luggage were stolen, including, the husband’s bag that had his tablet inside.

That tablet had all sorts of apps, such as email, banking and investment apps, all major social media account apps, and the like.  After having to deal with the frustration of having their stuff stolen, this husband spent the better part of the night changing passwords for literally everything in his digital life.  It was at this point that he setup two factor authentication where he was able to do so.

What If It Was You?

Imagine yourself in the above scenario.  Having to frantically change passwords before the other person got to your digital stuff is not fun at all.  If that person had setup two factor authentication on his accounts prior to the theft, that would have at least put up a roadblock for the thief, while that person went down the list to change passwords.  Two factor authentication is not the “magic wand” of security.  It is simply another means of securing your information.  You can either do that, or run the risk of a hacker getting access to your banking information, or deleting all your photos from your cloud account.

Setting Up 2FA

Setting up 2FA (more jargon to impress friends) is very simple, and you may already be using it.  If you have logged into your bank from another machine that you typically do not use, the website may say they have sent a verification code via text message.  This is a form of 2FA.  Another way you can set this up is to go to your social media sites and look under settings/security.  Usually you will find a way to enter your mobile number and enable two factor authentication.

You may download and use apps like LastPass Authenticator, or Google Authenticator.  These apps allow you to setup 2FA with different sites that allow use of such an app.  You scan a barcode that is provided by a website, and once you have it in there, each login you do will require use of that additional code.  A nice feature of 2FA is that you are instantly notified on login attempts.

Many sites that allow, or even force you to setup 2FA also allow you the ability to check a box to remember you on that machine.  This way you do not have to enter a secondary code each time.  A word of caution on this.  By doing so, if your device is ever stolen, and they can get to your apps and have a greater chance of logging into whatever site(s) you have enabled that feature.  I would caution against doing this from your tablet or mobile phone.

No Excuses

Two factor authentication is not a passing fad, but is a standard in computer security.  When considering whether or not to set it up, ultimately the decision rests with you.  However, each week it seems we hear about another company having a security breach.  Therefore, 2FA is no longer something that is optional, but is a necessity in securing your digital life.

Advertisements

Hackers Going Old School

I have written quite a bit about attacks on computers through poisoned search results, and of course, just hitting an infected webpage.  When these things happen, your computer may starting “talking” to you announcing that if you try to shutdown your computer, your files will be infected, blah blah blah.  Of course, this is nothing more than a scare tactic to get you to click that button for “remote assistance”, which of course the only assistance you will get are your files stolen, held for ransom, and of course the high possibility of identity theft.

However, some hackers are going old school, by using the telephone as a launch point into hacking your computer.  For example, you may get a call on your home or mobile phone, and the caller ID might say “Microsoft”, or “Google Support”.  The person on the other end of the line will say that, “they have received alerts that your email account is sending out a bunch of spam”, or, “we have detected that your computer is infected with viruses, and we need to clean your computer, or we will have to lock down your machine.”

Of course, none of what I described is the case, because like I mentioned in a recent article, these companies have no idea if your computer is sending spam email, or infected with viruses.  These hackers, who are really scammers, use fear tactics, such as using inflected voice tones and a lot of technical jargon to get you all flustered and worried.  It is at that point they will have you turn on your computer, goto a site like Ammy Admin, Aero Admin, or they may use a legitimate remote control software like Teamviewer or LogMeIn, have you enter a code, and then they are on your computer where the games will begin.

So what can you do?  First of all, if the call comes out of left field, with the person on the phone stating something similar to what I mentioned earlier, my best advice is to hang up.  To verify if the call was a scam, call the number back on the caller ID.  Most likely it will refer either to some other number, or national 411 assistance.  Did I forget to mention that when they call on the phone, they also put forth false caller ID information?  Of course, this is assuming that anything other than “PRIVATE” or “BLOCKED” showed up on the caller ID.

This next part is a bit of a sensitive topic, but nonetheless true when it comes to these scammers.  The overwhelming majority of the scam calls you get, the person on the other end will have a heavy foreign accent.  Most of the calls are not coming from the US, but are in fact coming from overseas from the Middle East, India, and even Southeast Asia.  Again, if you get a call out of the blue, with foreign accented person on the line stating they need to connect to your virus laden computer, hang up.

Finally, you must understand that these phone calling hackers do not limit their calls to your mobile or home phone number.  They can and do call business numbers, because they are literally just going down a list of numbers that their criminal boss gave them, and have no idea if they are calling a home, mobile, or business phone number.  Therefore, it is absolutely imperative that you be alert when at the office.  Allowing a hacker who called you to get access to your work computer, will in all likelihood be a career limiting move for you.  In other words, you are likely to be fired.

Hackers use many methods and means to gain access to your information.  While most hacks occur while you use the internet, hackers are not above giving you a good old fashioned phone call to scare you into giving them access to your machine.  However, you have now been equipped with the knowledge to defeat them.  And defeat them we shall!

 

“What is the right type of computer for your kids?”

Looking back on my experiences with computers, I remember the first one we got in our home.  It was an Apple IIe computer, complete with floppy disk drive, massive monitor and a dot matrix printer.  In 1986 I thought we were at the pinnacle of technological evolution as finally, we had a computer in the home.  That computer would prove to be useful for not only my mother, but for me as a student for writing papers and such.  The thing is, there was only one choice of computer, a desktop.

Nowadays, the public, and even business, is swamped with choices of computers, and this extends all the way down to folks with kids.  There are desktops, laptops, tablets, and yes, smartphones are used oftentimes as a computer because in fact, that is what they are.  However, when it comes to your children which one is right for your little ones?  We will explore those options.

Desktops have been the mainstay of the computer industry for decades and as mentioned earlier, they were the only thing going.  So why would you as a parent consider a desktop for your kids?  One reason is a desktop provides typically a centralized point for your kids to use the computer.  Like with any other computer, you can setup different user accounts so that each child has their own customized settings like favorite websites, programs, etc.  Also, desktops tend to have a longer life usage wise and are more easily upgradable from a memory and hard drive point of view.  Recommendation is to put this in a common area of your house for mom and dad to easily monitor.  A desktop is appropriate for any age child, but specifically here, referring to any child ages 4-15 years of age.

The next category is a laptop.  Laptops are just as powerful as desktops, and they are portable.  I would say teens from ages 15-18 are a good category for this, as likely, they may already use one for school.  Many schools now are mandating that all kids have access to one, and usually do so at a discounted rate so this is definitely something to check in with your local school district.  A laptop’s portability comes in handy when going back and forth to school, the library, or study groups.  Laptops also take up very little space compared to desktops, and some of them are priced almost the same price in some cases as a desktop computer.

A consideration with laptops and children in this age range should be net safety.  Specifically, having such a portable device means that they can take it anywhere at any time.  You will definitely want to lay down some clear ground rules such as not using one behind closed doors, using chat rooms, email, and the like.  Parents know their kids best, but when it comes to teenage children and access to laptops, my best advice is to heavily restrict what they can and cannot do with that machine via their user account permissions.  That means, create a user account that has only “Guest” or “Standard User” permissions.

 

Finally we enter the realm of smartphones and tablets.  Since this is focusing more on productivity, I will only say that with smartphones, such as an iPhone, are primarily communication devices.  Tablets are designed more for portable productivity.  A tablet, like a laptop, is highly portable.  These also are being used in schools around the country, and like laptops, many schools are now issuing them to students.  Tablets are becoming more and more useful, in terms, of productivity, as there are many apps that you can download and use not only for tablets, but that you can also install on your main computer back home and synch files, notes, and the like.

Programs like Evernote, are very handy for note taking, so a student could take all their notes on their iPad and then arrive at home to find them on the computer they primarily use.  Emailing assignments, and or communicating with their instructors is a lot easier on a tablet, versus hauling out a laptop and booting it up to send a quick email.  Tablets are very small compared to desktops and laptops, but really they should just be considered as a supplemental tool to their main computer.

Working on a tablet primarily is not going to have the same experience working with say, a Word document, as it would on a conventional computer.  They are pricey though, with Apple products being in the $300-$400 range and Android being anywhere from $99-$300 depending on the model.  Parents looking at pricing and usefulness may soon realize that it is better to pay this price for an actual desktop or laptop, and hold off on a tablet for later.

There are several options available for your children when it comes to computers.  Most homes today have at least 1 computer in them, and yes, even your young children will benefit greatly by getting them started now using one.  As for my own opinion on this subject, I would say that unless the school mandated a laptop, I would stick with a desktop computer until they graduate high school, simply due to their own online safety.  There are also many tools you can use with computers for kids for monitoring their safety, but we will save that for a future discussion.

 

Hunter Bonner is an Information Technologist.  He can be reached via his blog techedgeblog.wordpress.com and on Twitter @HunterBonner