Eric has heard that iCloud is going to require two factor authentication for third party apps. Is that true? Leo says it is, and it's a good idea. The problem is that not all apps have a two factor authentication scheme, so Apple has a work around by requiring an app specific password as well. Starting June 15th, if he doesn't have two factor enabled, he'll be forced to do it. From there, he'll have to re-login with a second unique one time password.
second factor authentication
Larry has been asked to submit his tax returns electronically, which has a clickable link to electronically sign. He's hesitant, especially since a similar attempt was a phishing scam a few years back. Leo says that Right Signature, Docu Sign, and others give you a secure link to digitally sign. The problem is, how do they verify it's him that clicks on the link and digitally signs? They should be requiring a PIN code, or second factor authentication.
Every time Charles tries to open Gmail on his Google Nexus, it wants him to sign in. He's suspicious that someone may have hacked his account. Leo says that there's a lot of reasons to be advised of that, but it's always wise to run Google's Security Checkup just to be safe. It'll tell him what devices are connected to his account and also input a second factor authentication warning.
Vernon was told by his insurance company that they would be sending him documents via email, and the first two times, he didn't receive it. The third time they sent it, it arrived. They told him the document was encrypted, but he could put anything in the password field to open it. He's now concerned that his personal information could be out in the wild.
Robert's Apple ID got hacked and they've been changing all his passwords and email notifications. He contacted Apple and they aren't believing that he is who he says he is yet. Leo says that they are being deliberately slow now to avoid the social engineering snafu. They want him to provide proof through his payment records, but it may be that Robert got socially engineered and lost his password. That's why turning on 2nd factor authentication is important.
Laxman likes Leo's new show The New ScreenSavers and wonders if there's a Call for Help segment. Leo says there is and he can email them to make that request. They choose the best calls and then call that person back.
On June 15, 2015, password manager LastPass made an announcement that its password database was hacked and some user account information had been stolen. Since LastPass has uses encryption and many layers of protection to slow down hackers, the damage will be minimal for LastPass users. While the hackers may have obtained the database of master passwords, they still don't have immediate access to everyone's passwords. That information has been encrypted, salted, and hashed, so it would take quite a bit of effort to break into it.
This week, Leo's preferred password manager LastPass got hacked. Leo still recommends them though, because they can generate extremely long custom passwords, so all you have to remember is the one LastPass password. But that's where the achilles heal was.
Jeri isn't getting her text messages through her laptops, and her carrier is AT&T. Leo says that text messages are through the cell phone. Leo says that the first time she logs in, the bank will send her a text. She'll then input the code and the website will know that her browser activity is legit. But she shouldn't have to do it every time if she has the box checked to "trust this computer." Then it'll trust it every time and not worry about it.
Adam has been keeping his bank information and passwords in the notes section of the iPhone, and he's wondering how secure that really is. Leo says that having different passwords for every account is a good thing and using a password manager is the best way to handle them. So take that next step and get LastPass. He should also turn on second factor authentication on every site that supports it.