Twitter Hacked! Are You Next?
You may remember near the end of April when the Associated Press Twitter account was hacked, and a false new alert was sent about an attack at the White House?
You could be embarrassed next. Why? If you, like the AP, have not enabled 2-step authorizations on your social media accounts, you very well may be next.
Feeling Insecure about Your Security?
Security in the cloud-connected world is getting constantly better. In the past year or so, Google, Facebook, Apple’s iCloud, Dropbox, Twitter, among other organizations have built-in an extra layer of security, called two-step authorization.
If you log into a public computer in the library, or at a colleague’s computer and want to get something from your Google Drive or Dropbox account, normally you log in with your user name, and password to that service.
But if you enable “two-step” authorization — the site will let you in only AFTER it first sends a text to your mobile phone with a short code, a kind of temporary extra password that lets you use a different computer to access files in the cloud. If someone were trying to hack into your account and guessed your password, they would not be able to access the account without the code text sent to your mobile phone!
How to set up 2-step
Let’s use Dropbox as an example: We will “authorize” Dropbox app on a new tablet.
First, log in to Dropbox on your computer, sign in to your dropbox.com account.
Click on your account name in the upper right of the browser window and choose the Settings icon.
In the next window choose the security tab. There on the left, just below your email address and “change password” area is the “Two-step verification” link.
Enter your mobile phone number. Dropbox will send a short code as an SMS message containing an easy to remember five or six digit number. Type that number into the verification field. If you don’t enter that code in about 15 minutes or so, Dropbox will “forget” that code, and it won’t be good again, a kind of time-limited access.
From now on when you log in from a public computer, leave on the “Trust this computer” unchecked. But you can choose to “trust” your laptop, or mobile device like a tablet or smartphone.
The short code that is sent via SMS to your phone? You need to enter that code in a separate box after you have entered your account login information, and password.
Here is why this is good
In the “old” way, if someone hacked your account, and changed your password, it could lock you out of your own account.
But with 2-step verification turned on, no one can change your password without an SMS message showing up on your phone. If you did not log in to a “new” computer or device, that means someone is trying to get access to your stuff.
If you DO get an unexpected SMS — perhaps someone was trying to access your account. Log in to the service and change your password as soon as you can, to make sure that your stuff remains yours, alone! Like the SMS says, “happy Droboxing!”
You are not alone
Here are some great step-by-step articles and tutorials for a variety of cloud services.
A good article at Wikipedia on what 2-step Auth does.
Setting up 2-step with GMail, and Google Drive
Setting up 2-step with Dropbox
Setting up 2-step with Box
Setting up 2-step with Apple iCloud and iTunes AppleID
Setting up 2-step with Twitter
All of us at the Multimedia Learning Center take security seriously, and balance it with a reasonable need to be efficient in our time with cloud-based resources. If you have questions, just stop by and see us! We are on the ground floor of Kresge Hall, Suite 1-347.