Column: Secure your online life

You should learn one thing from the recent infamous hacking of celebrity accounts for nude pictures: a password, however strong or complicated, is not enough to protect your email, Facebook and Twitter accounts.
Two-factor authentication enabled for your online accounts like Gmail and Twitter could protect you from a world of hurt.

The dozens of actresses, musicians and models whose Apple iCloud and other online accounts were hacked last week all had passwords.

Yet their most intimate moments were tossed about online for all to see after their accounts were hacked. Whether by brute force calculations or fraud, someone guessed their passwords.

What could they have done differently? Security experts advise using something called two-factor authentication.

It’s a bit complicated to set up and will make your online life more annoying since any extra security necessarily sacrifices convenience. But it could save you grief.

If you’re not a celebrity, the chances of being hacked by an anonymous prankster or stalker are admittedly tiny. But someone you know, an ex-spouse, alienated relative or disgruntled colleague, might be targeting you online, especially if they have a good chance at guessing your passwords or, just as bad, the security questions needed to change your passwords.

Do you want your ex taking over your Twitter account because they know you use your dog’s name as a password? Probably not.

Two-factor support is enabled on a wide range of online services, including Google, Microsoft, Apple, Twitter and Facebook.

In very simple terms, it works by pairing something that you know, usually your online user name and password, with something that you possess, often a smartphone, and requiring that both be present when you log in to an online account for the first time on a new computer or device.

Let’s say you enable two-factor authentication on your Twitter account. You do so by logging into your account, going into settings, and giving Twitter the number of your smartphone.

Every time you log into twitter.com, your phone will receive a text message containing a code you will also need to enter to complete the log-in. (Apps already installed on your existing devices will work without needing an additional code.) The same goes for an attempt to log into your Twitter account from a new computer or device. Even if your ex guesses your canine-based password, they won’t be able to log into your account on their computer or smartphone without having direct access to the phone linked to your account. (Bonus tip: keep your phone in sight and protect it with a PIN.)

There are tradeoffs. Entering an additional code texted to you every time you log into Twitter on the web can get tedious. After enabling two-factor on a Google or Microsoft account, you might need to enter a code texted to your phone each time you log in with a new machine or device or the first time you log in with your existing devices. I had to do that even with my Xbox 360.

You also might find yourself needing authentication but unable to get a confirmation text because you’re out of cellphone service range, or are travelling abroad and not using your phone to avoid costly roaming fees.

As a way around that, both Google and Microsoft provide authenticator apps that you can install on your phone or tablet. Once paired with your account, the apps will generate a code every 30 seconds as needed that can be used as authentication. They will work even when offline. Twitter allows you to use its iOS and Android apps to provide the same function.
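How an app can produce a fresh code every 30 seconds with no network connection: the sketch below is an added example, not code from Google, Microsoft or Twitter, and it assumes the app uses the standard time-based one-time password algorithm (RFC 6238) with a 6-digit code. The phone and the service share a secret at pairing time, and each derives the same code from that secret and the current time. The secret shown is the constructed test value from the RFC.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid (the 30-second refresh described above)
DIGITS = 6   # assumed code length


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step containing unix_time (HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)        # 8-byte big-endian step number
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Service-side check: also accept the neighbouring steps to tolerate clock drift."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * STEP
        if t < 0:
            continue
        expected = totp(secret, t).encode()
        # Constant-time comparison so timing does not leak how many digits matched.
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


# Constructed sample: the shared secret used in the RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(SECRET, now)              # what the phone would display right now
    print("current code:", code)
    print("accepted by service:", verify(SECRET, code, now))
    print("same code 5 minutes later:", verify(SECRET, code, now + 300))
```

Because the code depends only on the shared secret and the clock, a guessed password alone is not enough, and a code that someone glimpses stops working once it falls outside the accepted time window.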

For extra convenience, depending on the service, you can remove a primary machine — for example, a home PC only you have access to — from needing two-factor authentication. Do that when you’re the only person using that computer or if you really trust your children. (Final tip: protect your PC with a password or PIN.)

Two-factor authentication is not perfect. It, too, apparently can be hacked, although not as easily as a password. But just as in physical security, the idea is to be a difficult target so that the bad guys go after easier prey.

The tech sites Lifehacker and MobileSyrup have helpful stories explaining two-factor authentication and have direct links to information for enabling two-factor locks on most of the popular online services.