If you are not using 2-factor (2-step) authentication for your main account logins (Gmail, OneDrive, O365, your banking sites, etc.), switch to this method to protect your accounts.
I have literally received emails from "Gooogle" saying my account was compromised. Nobody broke in; they can't without my phone and the 2-factor authentication. I laughed and deleted the phishing email.
How it works:
Login with a normal User-ID and password. Then, a few seconds later, the phone's "Authenticator" app prompts for your permission to continue. It basically asks, "Is that you trying to login now?"
Now, instead of a text message, the phone asks, "hey, is that you?" |
Benefit:
Even if your credentials are stolen, they still can't login to your account!
Your account cannot be compromised without your phone.
Works with all smart phones (technically with all cell phones)
This used to be my cell phone with my first Authenticator app! |
This is important
Without 2-factor, I no-longer feel safe.
With sites, such as Google, OneDrive, banking, and important social-media sites, I always use 2-factor.
With your bank, twitter, etc., go into their profile screens and enable 2-factor. Many will link to Google or Microsoft's Authenticator Apps, or they may use a text-message. No matter which, you must enable it to gain the benefits. If your (bank) does not support 2-factor, switch banks because they are idiots.
"Google Authenticator"
With a smart phone, installing 2-factor is a breeze. It is two simple steps, plus a few more optional steps to safeguard and backup this new feature.
Steps:
1. Setup Google's 2-step verification here: Two-step verification or follow these steps.
(Do this before installing the authenticator app)
- Login to (Gmail) or any Google Service
- Click Profile Picture, then "Manage your account"
- Click Security, 2-Step Verification. Enable. Follow the prompts.
- Important: Generate Backup Codes
In the 2-Step security panels, click Backup Codes and generate (10) emergency codes. Store these in a safe location (paper?) - do not store the backup codes on any Google services - you need to get to these when you can't login. I store mine, both on paper and on Microsoft's One Drive and ironically, I store Microsoft's One Drive's emergency codes on GDrive.
2. Install the Authenticator App
Two-factor (2-step) authentication must already be enabled on your Google account profile.
From the app store, search and install "Google Authenticator". Follow prompts.
Once installed, confirm or find the icon on your (phone's) desktop. Use this icon for those rare times when the app needs to be opened manually. Timed codes can also be found here.
3. Recommended: The phone should have a locked login screen, requiring a (PIN). Without this, a stolen phone could be used to login.
You are done.
Next time you login to any Google Service, check your phone and click the "yep, that's me."
If you have an Android tablet (logged into the same Google
account), this device can also be used for authentication. No need to install
the authenticator app and both devices will get the login prompts. Theoretically, Apple tablets can do this too, although I haven't figured this out yet -- but certainly Apple phones work very well as the primary device.
What if no Phone?
What if you don't have your phone? You can't easily login. If you have a secondary (Android) tablet, it will have the same prompt, "yep, that is me".
In a worse-case scenario, use one of the 10-generated backup codes. I have used 2factor since 2011 and have used the backup codes 3 times - mostly when switching to a new phone. But since now installed on my tablets, I have not needed them, plus Google has a better way.
If Changing to a New Phone
If you know you are replacing your phone, or are re-imaging the phone, test logging in with your backup tablet.
Or better:
a. From the Google Profile screen, click "Security", 2-Step.
b. On the 2-step panel, see prompt, "Change Phone". Follow prompts.
If no secondary device, consider temporarily disabling 2-factor, or be prepared to use the backup codes, printing them beforehand.
Microsoft's Authenticator
Microsoft Services also support 2-factor and they have their own application. If you are using O365, this should also be enabled. Microsoft's program works a little differently, and in some respects, it is better. If you use both Microsoft and Google, you will use two separate applications. When Facebook has theirs, then you will need three. Work will probably use their own app. Sigh.
Rough steps:
1. From a browser, go to https://account.microsoft.com Sign in.
2. Click Profile Picture, then "My Microsoft Account"
3. Click Security (update your security info). Oddly, do not click "Change Password/security"
4. Click "Advanced Security Options"; Enable two-step authentication. Follow prompts.
5. Install Microsoft "Authenticator" app on phone
6. From the same "enable 2-step" panel, scroll down and generate a new "Recovery Code"
Related Articles:
Gmail Protection Steps
Related articles:
Keyliner Better, Stronger Safer Passwords
Keyliner: Your Gmail account has been hacked
Google Account Compromised
Google has these instructions if your account were hacked and the password was changed:
https://support.google.com/mail/answer/50270?hl=enhttps://support.google.com/mail/answer/50270?hl=en
Originally published 2014.11.01