two-factor authentication

How to Set Up Two-Factor Authentication

Leo has talked a lot on the Tech Guy show about using two factor authentication wherever possible to ensure the security of your online accounts. Two factor authentication requires more than just a 1 factor to login. This could include two of the following: something you are (such as biometrics like fingerprints or iris scans), something you know (a password), or something you have (a smartphone or hardware key). This could be called many things, including “Two-Step Verification” and “Two-Factor Authentication” depending on the site.

Keep Your Data Secure in the Cloud

After the recent iCloud security breach that released private celebrity photos, you may be wondering what you can do to protect your data in the cloud. Apple has released a statement saying that it was not a failure of iCloud or Find My iPhone that resulted in these photos getting out -- it was a deliberate and targeted attack. That being said, here are a few ways you can keep your data more secure online:

Use Strong Passwords

How can I see if someone is trying to access my gmail account?

Carneg from North Hollywood, CA

Episode 963

Carneg uses Apple Mail to download Gmail onto his computer, and he recently got an email from Google that someone was trying to access his account. So he tried to changed his password, but it won't let him.

Leo says that Google has a great feature at the bottom of the GMail page that would allow him to check out who's trying to log into his account and the device being used. Leo advises turning on second factor authentication, and to tie his gmail to his cellphone so that in order to change the password, he'd have to get a text or phone call to his phone.

Is it possible to reverse engineer Google Authenticator to figure out the passcode?

Episode 907

Robert from Burbank, CA

All authenticators are doing the same thing. It's a time-based, one-time use pass code. There's no data going back and forth between the authenticator app and Google, they are just both using the same algorithm to generate the code based on the time of day. Since no one knows that algorithm, it's not possible to figure out that code. They use a "one-way hashing" technique to do this. Just because the user has the 6-digit result on the authenticator does not mean anyone could go backwards to figure out what the key is.