How to use two factor authentication on your favourite websites and devices

In light of the recent nude picture leaks that have hit the headlines, TechWeekEurope has teamed up with James Mace, security consultant at ethical hacking firm Pen Test Partners, to help you stay safe and secure online, as well as keep your privacy protected.

It’s not just adults who are guilty of clicking that ‘send’ or ‘upload’ button far too willingly. Children are also at risk, with many having their own smartphones directly connected to the web.

One of the most effective steps you can take is to apply Two Factor Authentication, often abbreviated to ‘2FA’, to your social media sites. Usernames and passwords are often stolen during hacker breaches. If the victims of the breach re-use passwords, their other accounts can be compromised. 2FA is about asking for extra information when you login, something like a one-time code sent to you by text message. Without the one-time code, it is far harder to hack your account. Some ask for an extra code every time you use a new computer or smartphone – the idea is that the attacker is unlikely to have your PC/Mac/phone too, so their attack is crippled.

Many social networking services have now implemented 2FA, but it’s not always obvious how to do it. Here is Mace’s quick guide to setting up 2FA on some popular web sites:

Facebook:

  • Login to Facebook

  • Navigate to the user settings page via the icon. That’s one of the links in the top right hand corner of the page

  • Run through both the ‘Security’ and ‘Mobile’ tabs to set up 2FA

  • Follow on-screen instructions

Google:

Twitter:

  • Login to your account and navigate to the settings page.

  • Click ‘Security and privacy’ on the left-hand navigation panel

  • Then enable: ‘Send login verification requests to my phone’ (NB You will have to add your phone to the account first. If you don’t want SMS overload, just uncheck those options!

  • Follow on-screen instructions.

Apple:

  • Login to your account using your apple id at https://appleid.apple.com

  • Click on ‘Manage your Apple ID’ located on the right-hand side of the page.

  • Choose ‘Password and Security’

  • Select ‘Two-Step Verification’ and follow on-screen instructions.

PayPal:

  • Login through the paypal.com website

  • Click on the image of a cog to view account settings

  • Choose ‘Security’ from the navigation panel

  • Select ‘Security Key’ and follow on-screen instructions

Some further tips to help prevent information leakage:

·        It is paramount that you understand that once information has been uploaded to the web, it is often VERY difficult to remove.
·        Be aware of the types of information/images you have stored on web connected devices.
·        Always enable the highest setting security options for your device – advice often found on the vendor’s website.
·        Ensure commonly overlooked options such as ‘auto-backup’ are turned off on sensitive albums.

It’s also worth noting that this doesn’t just apply to your current gadgets; old devices with storage capabilities have also the potential to be private data gold mines. The ‘factory reset’ option often doesn’t wipe the device sufficiently for data to be recovered, so encrypt where possible. If your device is lost, opportunists will struggle to retrieve encrypted files, particularly if your PIN is strong. And don’t rush into data migration when buying new devices; seek advice before copying one set of private selfies on to a new device

Ultimately, my advice would be to think before you upload. If you’re putting something on the internet that you wouldn’t want everyone to see, make sure you secure it. Don’t feed the pervs and trolls.

How well do you know Apple? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

View Comments

  • 2 is larger than 1 on paper, but two weak boys in the real world may well be far weaker than a toughened guy. Physical tokens and phones are easily lost, stolen and abused. Then the password would be the last resort. It should be strongly emphasized that a truly reliable 2-factor solution requires the use of the most reliable password.

    Sufficiently strong passwords are the key. Generally speaking, hard-to-break passwords are hard-to-remember. But it is not the fate. It would be easily possible to safely manage many of such high-entropy passwords with the Expanded Password System that handles images as well as characters. Each image/character is identified by the image identifier data which can be any long. Assume that your password is “ABC123” and that those characters are identified as X4s&, eI0w, and so on. When you input ABC123, the authentication data that the server receives is not the easy-to-break “ABC123”, but something like “X4s&eIwdoex7RVb%9Ub3mJvk”, which might be automatically altered periodically or at each access if required.

    When such high-entropy data are hashed, it would be next to impossible to quickly crack the hashed data back to the original password. Give different sets of identifier data to “ABC123” and the different servers will receive all different high-entropy authentication data. Brute-force attacking of “ABC123” and other similarly silly passwords would perhaps take less than a few seconds with dictionary and automatic attack programs but it could be an exhausting job when criminals have to manually touch/click on the display with their fingers.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

14 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

14 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

15 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

15 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

16 hours ago