Monday, October 17, 2011

Hacked!

Do you have your e-mail account "in the cloud" as they say? It is convenient, but there are risks.

Check out this article, from The Atlantic:
"Hacked!" by James Fallows
http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/?single_page=true

As someone who uses GMail literally every day, I was almost literally screaming at the screen as I read it. USE TWO-FACTOR AUTHENTICATION, YOU DOLT! How could you possibly write an article like this without mentioning it? Until, finally, about 80% of the way through the article, the author finally got around to the most important point. Even then, he calls it a "half step". He's wrong, of course, to think of it that way just because other e-mail services do such a poor job relative to Google. But at least he mentions it and recommends it:

"Here it is: if you use Gmail, please use Google’s new 'two-step verification' system. In practice this means that to log into your account from any place other than your own computer, you have to enter an additional code, from Google, shown on your mobile phone. On your own computer, you enter a code only once every 30 days. This is not an airtight solution, but it can thwart nearly all of the remote attacks that affect Gmail thousands of times a day. Even though the hacker in Lagos has your password, if he doesn’t have your cell phone, he can’t get in."

"In case you’ve missed the point: if you use Gmail, use this system. Also, make sure the recovery information for your account—a backup e-mail address or cell phone where you can receive password-reset information—is current. Google uses these to verify that you are the real owner."

That is all good advice. Follow it.


Want more information? Check out this G+ post from a Google Senior VP:
https://plus.google.com/100873628951632372330/posts/Fvr2rCPiPUu

"Just as a quick followup on yesterday's post, James has now posted a nice Q&A with the most frequently asked questions. The Gmail Help Center also has an excellent security checklist (https://mail.google.com/support/bin/static.py?hl=en&page=checklist.cs&tab=29495)."

"And just to add one more point: account hijacking is not a theoretical possibility. Every day we thwart tens of thousands of hijacking attempts where the hijacker has the correct account password. We've occasionally had attackers with hundreds of thousands of correct passwords (usually from users who use the same password and user name on other sites). Think about it--you could be one of them."

"Is using Gmail's 'two-factor' system a nuisance? Let me put it this way: is it a nuisance carrying around keys to your house, versus just leaving the door unlocked?"