It is very likely that you live in some sort of house, and you tend to keep the door closed until you need to open it. Even if thieves may not be considering stealing from you, you will always lock the door. The same goes for all your social networks and Internet activities. You may be an average person and may not be under prying eyes, but securing your accounts is a must these days, when multiple security breaches occur every day and leak the personal information, credit card details, etc. of users all over the world.
Recently here in India, the official Twitter account of the National Congress Party was hacked, just after the account of the party's heir, Rahul Gandhi, was breached. Those accounts were abused to post menacing tweets. Although control was restored after some moments, this raises an important but often ignored question: How safe are you online? And how do you secure your social networks from being hacked?
Aside from long and complex passwords, and setting an app locker to lock your Facebook or Twitter app, there is something called 2-Factor Authentication that can save you from such attacks.
What is this 2-Factor Authentication?
Normally, when you check your mail on Gmail, for example, you log in to the site using your email address and password. When you created the Gmail account, you didn't choose 12345678 as your password; instead, you used a good password that only you know and that nobody can guess easily. And you were sure that your account was protected.
But someone may guess your password. Someone can peer over your shoulder while you are typing a password in a public area. Or your password can be leaked by a friend whom you trusted. There are also several techniques, like dictionary attacks or brute forcing, to crack your password. So you see, a strong password alone does not provide enough security for your online services.
That's where 2-Factor Authentication comes into action.
You log in somewhere on the internet, using your username/email and password. Then the site sends an SMS (or makes a phone call) containing a verification code to your phone number, which you have linked to your account. You then need to enter the code to log in successfully.
The code is random and generally 6-8 characters long, and expires in a few minutes. Thus, even if someone knows your username and password, they cannot get access to your account without the temporary code. Even if they try random codes, the code changes every few minutes, so there is very little chance that they will enter the correct one. Basically, knowing your username and password won't get them access to your account. That is called 2-Factor Authentication because it requires two factors: the password you already know, plus a randomly generated code that changes every time you (try to) log in.
Now that you know what it is, the next step is to enable this feature in your social accounts like Twitter, Facebook, even in Gmail. Here is how to do it.
- Open Account settings in Twitter by clicking on your profile photo, then going to Security and Privacy, or open Settings in the mobile Twitter app, then navigate to Accounts > Security.
- Then check the Login Verification box.
- A window appears with some introduction; click on Start.
- Enter your password and press Enter. Twitter sends an SMS to the phone number linked to your account. If you don't have a phone number linked, add it first in the Mobile section in Settings, or in Account > Phone Number in the app. The SMS contains a 6-digit code.
- Enter the code in the next window.
You have now enabled 2-Factor Authentication in your Twitter account.
Gmail, or rather Google, is one of the oldest players in this field. Google introduced 2-Factor Authentication many years ago, and you can choose between SMS and Phone Call to get your code delivered.
- Just head over to https://myaccount.google.com/security/signinoptions/two-step-verification/enroll-welcome and click on Get Started.
- You need to sign in again.
- Then enter the phone number on which you want to receive the code, with country code. Choose between SMS and Phone Call, and hit TRY IT.
- Google sends you an SMS to verify that this is working. Enter the code you get from the SMS/Phone call and enable it.
- Next time you sign in to your Google account from any new device or browser, after entering the email and password, you must enter the code you receive on your phone to get access to your account.
Well, Facebook is a bit complicated here. Some users have a Login Approvals option in the Security Settings. But I myself did not see it anywhere in the settings tab. If you get it by chance, enable it; otherwise enable Login Alerts.
Login Alerts is a way of knowing who has opened your account. Facebook sends you an Email or Text Message saying someone has logged in to your account.
In your Account Settings, you can view which devices and browsers/apps your account is logged in from, with the time of logging in and approximate location. If you see something unusual here, remove the browser/device/app and change the password immediately.
On most other sites, you will find this in the Settings section, under the Security tab. If you don't know whether a site supports it, you can open https://twofactorauth.org and type in a site, and it tells you whether that site supports it. It also provides some information about those services.
In most cases, 2-Factor Authentication is enough, but it is not the only means of protecting your information online. Some basic knowledge is always required when you use the internet.
A popular way to steal credentials is phishing.
It is like a trap: the hacker creates a fake page that looks similar to an original site, then sends the user the link to the fake page. If the user is not smart enough to detect this, he enters his username and password there and the hacker gets it all. Keep an eye on the address bar of your browser and read the URL of the page you are visiting carefully. Check the spelling of the web address: facebook.com is the real Facebook, but there may be a site faceboook.com that clones Facebook, and if you miss this, you may end up signing in on the wrong page and leaking all your data unknowingly.
In addition to that, use only trusted applications. Do not just download random apps to use your social services; they may have malicious code inside them. Use official apps and websites as much as possible. Remember, you use the internet for sharing and storing your valuable stuff, your photos, mails and documents, and you surely don't want them to fall into the wrong hands and be used for bad purposes. Be a little bit careful about what you use and how you use it. And if you have any queries, feel free to ask below.