second factor authentication

How do I use two factor authentication on iCloud?

Episode 1390

Eric from New Jersey
iCloud

Eric has heard that iCloud is going to require two factor authentication for third party apps. Is that true? Leo says it is, and it's a good idea. The problem is that not all apps have a two factor authentication scheme, so Apple has a work around by requiring an app specific password as well. Starting June 15th, if he doesn't have two factor enabled, he'll be forced to do it. From there, he'll have to re-login with a second unique one time password.

Is it safe to sign tax forms over email?

Larry from Petaluma, CA

Episode 1373

Larry has been asked to submit his tax returns electronically, which has a clickable link to electronically sign. He's hesitant, especially since a similar attempt was a phishing scam a few years back. Leo says that Right Signature, Docu Sign, and others give you a secure link to digitally sign. The problem is, how do they verify it's him that clicks on the link and digitally signs? They should be requiring a PIN code, or second factor authentication.

Has my Gmail account been hacked?

Episode 1362

Charles from Vienna, VA
Gmail Logo

Every time Charles tries to open Gmail on his Google Nexus, it wants him to sign in. He's suspicious that someone may have hacked his account. Leo says that there's a lot of reasons to be advised of that, but it's always wise to run Google's Security Checkup just to be safe. It'll tell him what devices are connected to his account and also input a second factor authentication warning.

Is email secure enough for sending sensitive information?

Episode 1353

Vernon from Pennsylvania
Email on iPhone

Vernon was told by his insurance company that they would be sending him documents via email, and the first two times, he didn't receive it. The third time they sent it, it arrived. They told him the document was encrypted, but he could put anything in the password field to open it. He's now concerned that his personal information could be out in the wild.

What should I do after my Apple ID was hacked?

Robert from Clovis, CA

Episode 1315

Robert's Apple ID got hacked and they've been changing all his passwords and email notifications. He contacted Apple and they aren't believing that he is who he says he is yet. Leo says that they are being deliberately slow now to avoid the social engineering snafu. They want him to provide proof through his payment records, but it may be that Robert got socially engineered and lost his password. That's why turning on 2nd factor authentication is important.

Change Your LastPass Master Password

On June 15, 2015, password manager LastPass made an announcement that its password database was hacked and some user account information had been stolen. Since LastPass has uses encryption and many layers of protection to slow down hackers, the damage will be minimal for LastPass users. While the hackers may have obtained the database of master passwords, they still don't have immediate access to everyone's passwords. That information has been encrypted, salted, and hashed, so it would take quite a bit of effort to break into it.

Do I have to use second factor authentication online every time?

Episode 1122

Jeri from Austin, TX
text messaging

Jeri isn't getting her text messages through her laptops, and her carrier is AT&T. Leo says that text messages are through the cell phone. Leo says that the first time she logs in, the bank will send her a text. She'll then input the code and the website will know that her browser activity is legit. But she shouldn't have to do it every time if she has the box checked to "trust this computer." Then it'll trust it every time and not worry about it.

How can I keep data secure on the iPhone?

Episode 1116

Adam from The Bronx, NY
Password

Adam has been keeping his bank information and passwords in the notes section of the iPhone, and he's wondering how secure that really is. Leo says that having different passwords for every account is a good thing and using a password manager is the best way to handle them. So take that next step and get LastPass. He should also turn on second factor authentication on every site that supports it.