Wesley recently lost access to his Gmail. He tried doing password recovery, expecting 2-factor authentication. But Gmail says they can't be sure it's him, so he remains locked out. At least he can log in with his phone because Gmail trusts Wesley's iPhone, which knows the password. Leo isn't sure why the recovery hasn't worked. Perhaps his challenge questions are being answered incorrectly? Since Wesley's phone is working better with Gmail, he should try recovering the password with the phone.
2 factor authentication
Joey wants to know if the new Net Neutrality bill will pass. Leo says probably not. The Senate is controlled by one party that isn't in favour of Net Neutrality and the president wouldn't sign it if it did. Their view is that the government shouldn't regulate the internet. But Leo says that while that's true, it's a good idea to have a check and balance on the internet service providers.
Should you use 2-factor authentication? Leo says yes, but Leo isn't a fan of 2FA over SMS text messaging. It's too easy to spoof, but it's better than nothing.
Yesterday's story about Collection #1, a package of hacked email passwords, is actually now reported to be a few years old, so the damage is not as great as previously believed. But Leo still says that it's a wise idea to go to HaveIBeenPwned.com/passwords and see if your account has been hacked, and then change your password. In fact, it may be a good idea to change it anyway, and turn on 2 factor authentication while you're at it.
Carmine has 2 factor authentication on most of his systems, but some use SMS, and he thinks that's not very secure. Leo says that there will always be a trade-off between security and convenience. But SMS is far easier to crack than independent authentication through an authenticator. Leo says to contact the cellphone company and have them put their additional layer of authentication on his phone.
Cheryl is concerned that with the recent Facebook security breach, her account will be hacked. Leo says it's more likely that someone will counterfeit her account, lifting her images and changing it just slightly to fool people she knows into friending it. Facebook has reset all 30 million accounts so that users would have to change their passwords. Leo also would recommend turning on 2 factor authentication.
Facebook reported this week that 50-90 million user accounts were hacked or compromised through three bugs in their interface that would allow a hacker to bypass password challenges through a stolen access token, video downloader access. Facebook says they have fixed the bug and made access tokens unusable for the 90 million compromised accounts. So if you had to re-log in this week, chances are that your account was compromised. Leo also says this is a good time to change your password and turn on 2 Factor Authentication in your Facebook settings.
Linda thinks her email accounts on Google and Yahoo have been hacked. She tried to log in, and it says "account no longer exists." What can she do? Rich says she may or may not have luck recovering it because Google has billions of accounts, and there's no real tech support. Here's a good place to start to recover her account: https://support.google.com/accounts/answer/7682439?hl=en.
When he visits Facebook, he's been having issues where the page scrolls on its own. Leo says if it happened everywhere, it could be a stuck-down key, but since it only happens on Facebook, that's an indicator of a software problem. Could someone be taking over his account? Leo says probably not. Just in case, however, he should go into his Facebook settings and turn on 2nd factor authentication. Then if someone tries to hack his account, it'll send him a notification asking if he's logging in. If it's not him, they can't log in.
Melanie finally got Google to reset her password, and now she wants to know how she can prevent having her account hacked in the future. Leo says that the first thing is to have a recovery phone number and a different email for recovery. Then she should turn on 2-factor authentication. Making her password really difficult to crack is a good idea. Leo recommends using a password vault, like LastPass, and having it generate her passwords. Then she only has to remember LastPass's password and it will take care of the rest.
Sending unsolicited text messages is bad form, and Facebook got caught using their 2 Factor Authentication database to send out ads and other notifications.
Facebook admitted their faux pas and apologized. Leo says that's become the modus operandi of Facebook: move fast and break things, then apologize. In other words, better to ask forgiveness than ask permission.