Apple has joined the growing ranks of digital services enabling two-factor authentication as a means to protect their customers from account theft. Two-factor authentication has long been a staple of secure corporate and government networks. It combines a password with a randomly-generated authentication code that is delivered to a device you must have in your possession at the time of authentication. Traditionally, this device took the form of keychain fobs and cards whose sole purpose was to generate numeric keys constantly, but the same functionality can now be delivered through apps installed on smartphones, via SMS message to registered cell phones, or even via automated voice calls to your home or office phone.
What this means for you:
In Apple’s case (as with services like Gmail, Facebook, and many massively multiplayer online games like World of Warcraft), two-factor authentication is an opt-in service, and is not enabled by default with your Apple ID/iTunes account. Enabling the extra security requires that you register one or more cell phones with Apple that will receive your authentication code via SMS. Should you do this? If you use services that require an Apple ID (iTunes, iCloud, Mac.com, etc.) with any frequency, and especially if you have iTunes credit banked, you should absolutely enable two-factor authentication, all the more so if the account is tied to a core service you rely on, such as a Mac.com email address, or iCloud for your iPhone and other Apple devices. Two-factor security makes your Apple ID (or any other account, like Gmail) that much harder to hack. There will be some inconvenience, especially if you are in a hurry to access your account and have to hassle with the extra security code entry, but imagine the alternative if your account is hacked.
With greater security comes less convenience, a fact of life in this digital age, and not something that will change in the foreseeable future without a significant evolution in security technology.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
If you didn’t get your fill of scares this past Halloween, sit down and read this article about password security from Mat Honan, the Wired Magazine writer whose digital life was destroyed this past summer in minutes by teenage hackers. If you only read one article this year, you should read this one, but in case you don’t (or can’t or won’t), I’ll try to sum up the most important parts of the article:
- We are sacrificing privacy and security for convenience.
- Passwords (even long, hard to guess ones) are no longer viable.
- The technology industry hasn’t been able to come up with a better solution to this problem.
What this means for you:
Again, if there is one article you should read this year, especially as you gear up to get your online shopping done this upcoming Black Friday, it’s this one! You’ve heard me give you all the precautions and practices you should be following to better secure your online information, but Mat explains in easy-to-understand, non-technical terms why folks like me are growing increasingly concerned – and in some cases frightened. We, as a civilization, have hit a critical point in our history, and if we don’t make some careful choices and some necessary changes to how we use computers, we are heading down a road of security ruin that could impact anyone who uses technology as a critical part of their lives.
Until better solutions to the password problem arrive, there are some things you can do:
- Don’t use the same login and password for multiple sites.
- If it’s available, use 2-factor authentication to secure accounts, especially email.
- Don’t use easy to guess passwords. Use really hard ones for your most important accounts.
- Use a hard-to-guess email account for password resets that is separate from your main email account. Gmail is great for this, as it offers two-factor authentication.
- For password hint questions, e.g., “What is your mother’s maiden name?”, use incorrect answers that aren’t easily found on the web and that only you would know.
Read the article for even more tips on how to make yourself harder to hack.