Activating Two Factor Authentication for Gmail, Twitter, Facebook
In light of the Heartbleed bug, it’s a good time to share my experience taking control of password management. Sadly enough, I focused on one variation of the exact same password for countless websites, including online banking. Security experts may lambaste my feeble efforts. Similar to most busy professionals, I settled for the convenience of online services and social media, but don’t want the hassle involved with securing personal data properly.
Those days of negligence are a thing of the past now. I reset passwords of social accounts, activated two factor authentication where possible, and created a personal password management system.
Saving Passwords in Web Browsers and Social Media
First of all, we’re all lazy, but saving passwords on social media and other login pages is a no-go. If anyone gains access to your computer, they have an easy route to grabbing personal info stored in those accounts.
For the “saved password” function or password manager within browsers such as Chrome and Firefox, I play it extra safe and avoid these tools as well. Why store all your password in one spot online? If a person breaks into that manager, those passwords are compromised.
2-Step Verification for Gmail
To reinforce login for Twitter, Facebook, Tumblr, Pinterest, and Gmail, I enabled two-step authentication. The extra step does prolong the login process, but it’s a necessary extra layer of defense. Granted, there are a number of issues that could arise with this feature.
If you have issues with your mobile phone, then you cannot receive the authorization code via text. Due to my laziness in not purchasing a good smartphone (Kyocera Event), I ran into this problem recently. The phone would not power on for a solid day. When accessing Gmail, this window arose:
Gmail offers you several options to bypass the problem discussed above. When setting up two-step authentication, make sure you add a backup phone. If you’re phone bites the dust, you can send a verification code to another device. Read the Google help page here for setting up the backup phone.
Now if you didn’t store a backup phone or can’t sign into your account through a trusted browser already established, then you might run into that “3-5 business days” road block. According to Google help for common issues with 2-step, if your phone is lost or stolen, these are your options:
- Using Backup Codes
- Google Authenticator
- Signing in from a trusted computer
- Purchasing or receiving a new phone
- Receiving code via remote voicemail
- Use the Account Recovery Form
If you clear web browsing history consistently and often, then the option “Signing in from a trusted computer” will not work. Also, I rarely rely on voicemail and did not set up remote access, which eliminates option 4. The Account Recovery Form is the last resort.
Two-Step with social media
If you have Pinterest and Tumblr accounts, they most likely emailed you about changing your password due to Heartbleed vulnerability. Twitter and Facebook offer the option as well. Take advantage of the extra security layer. Both verification systems are similar to Gmail.
With Facebook you can establish two-step authentication via text, code generator, and they can email you logins from new browsers. Activate it in your account “Privacy” settings.
The same goes for Twitter. Go to “Security and Privacy” to activate verification requests.
Storing Passwords Offline
I tend to take an old-school tedious approach with password management. Rather than using a password manager, they are consolidated on a notepad. If the notepad gets lost or someone steals it (never going to happen), reset the passwords.
If you use countless services and sites online, the number of different passwords you create are too complicated to remember. Also, it’s a good idea to change your passwords every few months. I set a reminder in the Google calendar app connected to Gmail to remind me to reset particular banking, social media, and other passwords every three months.
For creating complicated and strong passwords, refer to this post about browser security and read about password creation towards the end. Use a combination of words, capital letters, special characters, and numbers. I would avoid any personal info such as middle names, pet names, and anything else identifiable.
That’s my simple minded view on password management and two factor authentication
Do you think this approach is a little over-the-top?