Two things to do to dramatically increase your account's security

This is all very well documented on the web already, but rather than write the same email over and over to friends, I figured I'd post it here.

Enable Two-Factor Authentication

With two-factor authentication, the first time you log into your account from a new computer, the site you're logging into sends you a text message with a code, and you have to enter that code. This makes it so you need to have your cell phone on you to authorize a new computer (and once every month or so thereafter to refresh it), and so therefore a hacker needs both your password and your cell phone to get at your account. This is one of those things which is a minor annoyance for a user, but is a major annoyance for a hacker. It puts you in a whole different ball game from a security standpoint.

Here's a link to set it up on Google accounts: https://support.google.com/accounts/answer/180744?hl=en

Use phrase-based passwords

First read this xkcd: https://xkcd.com/936/
Bottom line is, your password is way less secure than you think it is, but you can easily make a password which is, in fact, very string.
This site is great for generating short phrases which make good passwords: http://tim.dierks.org/2007/03/secure-in-browser-javascript-password.html

Go forth, and be safe!

No comments: