2 factor authentication

Is the Yubikey Safe for Authenticating Online?

Yubikey 

Episode 1603

Don from Omaha, NB

Don wants to use a Yubikey to keep his computer safe online. Leo says that the Yubikey is serious two-factor authentication that enables users to generate a code to offer an extra level of security. It's a physical USB device that spits out a code with a one time password. Leo uses it for his email, Twitter, and a host of other sites online. He wishes his bank would support it. He keeps it on his keychain, using a Type C connector. But he can get a Type A adapter as well.

There's even an open source version called SOLOKEYS, which Leo says is every bit as good.

Has my Google Home Hub been hacked?

Google Home

Episode 1596

Pat from Los Angeles, CA

Pat has a google home hub and she thinks it's been hacked. What can she do? Leo says that it's likely that someone has hacked Pat's Google account. Leo recommends changing her password and turning on 2-factor authentication. Add an account recovery number and email as well. That will keep someone from changing your password. Leo also recommends turning off "share your device" in the settings and set up Voice Match. 

Is my Gmail Account Being Hacked?

Gmail

Episode 1592

Jade from Santa Monica, CA

Jade keeps getting a security alert from Gmail that someone is trying to open her Gmail account. Leo says that Google will send warnings like that when someone is trying to break in and use her email account. but they usually include a location. If there's a button, DO NOT CLICK ON IT. It could be a phishing scam. Leo also recommends turning on two-factor authentication. That way, even if a bad guy has your password, they still need your phone to complete the login. She also needs to know what gov't phone company she should get her low-income smartphone from. Leo recommends ASSURANCE.

How can I recover my Gmail account?

Gmail

Episode 1589

John Paul from Carlsbad, CA

John Paul is having a hard time recovering his Gmail account. What can he do? Leo says it's very difficult to recover your Gmail because there's really no one to talk to. Gmail is a free service and doesn't offer support. If you had the paid version, GSuite, you'd have support. But since this is free, you're really at the mercy of the support documents. One way to prevent this is to turn on 2-factor authentication. That way you get a text message with a code that you input, or you use an authenticator.

How Can I Reset My Gmail Password?

Gmail

Episode 1578

Wesley from Los Angeles, CA

Wesley recently lost access to his Gmail. He tried doing password recovery, expecting 2-factor authentication. But Gmail says they can't be sure it's him, so he remains locked out. At least he can log in with his phone because Gmail trusts Wesley's iPhone, which knows the password. Leo isn't sure why the recovery hasn't worked. Perhaps his challenge questions are being answered incorrectly?  Since Wesley's phone is working better with Gmail, he should try recovering the password with the phone. 

Should I use 2-Factor Authentication?

 Net Neutrality

Episode 1572

Joey from San Diego, CA

Joey wants to know if the new Net Neutrality bill will pass. Leo says probably not. The Senate is controlled by one party that isn't in favour of Net Neutrality and the president wouldn't sign it if it did. Their view is that the government shouldn't regulate the internet. But Leo says that while that's true, it's a good idea to have a check and balance on the internet service providers.

Should you use 2-factor authentication? Leo says yes, but Leo isn't a fan of 2FA over SMS text messaging. It's too easy to spoof, but it's better than nothing.

Collection #1 Password Hacks Prove to be Older than Believed

Episode 1559

Yesterday's story about Collection #1 - a package of hacked email passwords, is actually now reported to be a few years old, so the damage is not as great as previously believed. But Leo still says that it's a wise idea to go to HaveIBeenPwned.com/passwords and see if your account has been hacked. And then change your password. In fact, it may be a good idea to change it anyway, and turn on 2 factor authentication while you're at it.

Is 2 Factor Authentication by SMS secure?

Smartphone and computer

Episode 1555

Carmine from Chicago, IL

Carmine has 2 factor authentication on most of his systems, but some use SMS, and he thinks that's not very secure. Leo says that there will always be a trade-off between security and convenience. But SMS is far easier to crack than independent authentication through an authenticator. Leo says to contact the cellphone company and have them put their additional layer of authentication on her phone.

How can I prevent my Facebook account from being hacked?

Facebook

Episode 1535

Cheryl from Alexandria, VA

Cheryl is concerned that with the recent Facebook security breach, her account will be hacked. Leo says it's more likely that someone will counterfeit her account, lifting her images, and change it just slightly to fool people she knows to friend it. Facebook has reset all 30 million accounts so that users would have to change their passwords. Leo also would recommend turning on 2 factor authentication.

Facebook Gets Hacked, 90 Million Users Compromised

Facebook app

Episode 1528

Facebook reported this week that 50-90 million user accounts were hacked or compromised through three bugs in their interface that would allow a hacker to bypass password challenges through a stolen access token, video downloader access. Facebook says they have fixed the bug and made access tokens unusable for the 90 million compromised accounts. So if you had to re-log in this week, chances are that your account was compromised. Leo also says this is a good time to change your password and turn on 2 Factor Authentication in your Facebook settings.