Paul wonders if 2-factor authentication with SMS Messaging is all that secure. He uses 2FA using a voice call system. Is that secure? Leo says that 2 Factor is the most secure way to protect your data. But there are various ways to get it. Text message is the easiest, and it's better than nothing, but an authenticator like Authy or a hardware authenticator is far more secure. Ubikey is the most secure. An app authenticator, like Authy or Google Authenticator, would be the next most secure. Text messaging is the least secure because of SIM jacking.
two factor authentication
Saren hasn't been receiving the two factor authentication code he normally gets for his Gmail account. He would normally get it through his Google Voice number. Leo says it's insecure to send those two factor codes through SMS, because someone could spoof his number and get the text message. Google may have even stopped supporting SMS in favor of its Google Authenticator app.
Using Facebook on a public computer, or even on a friend's computer, can be risky. Facebook stores a cookie in the browser that enables the user to get into the site without actually logging in. This would make it possible for someone else to easily gain access to your account. Instead of avoiding Facebook entirely, there is a way you can still use it and prevent someone else from being able to get in — by using a one-time password.
Greg lost his iPhone and wants to know how to use Find My iPhone to locate it. Leo says as long as Find My iPhone is turned on, he should be OK. If it was put it in Airplane Mode, it won't broadcast because the radios are turned off, though. It's probably lost, and even if someone could find it, Greg has a complicated password and it'll wipe the device after 10 attempts.
Robert's Apple ID got hacked and they've been changing all his passwords and email notifications. He contacted Apple and they aren't believing that he is who he says he is yet. Leo says that they are being deliberately slow now to avoid the social engineering snafu. They want him to provide proof through his payment records, but it may be that Robert got socially engineered and lost his password. That's why turning on 2nd factor authentication is important.
Debbie keeps getting emails from people saying that they can't open the attachment she sent. Is she being spoofed? Leo says yes. It's very common and unfortunately, there's nothing she can do about it except wait. Eventually, the spammer will move on to another email, and they'll go away.
Lou's Yahoo Mail account got hacked and has been used to send out spam. He's changed all his passwords, but he's worried that they now have control of his iPhone. Leo says that didn't happen and Lou is being understandibly paranoid about it.
Leo advises changing the password and then turning on two factor authentication. This is usually done by giving Yahoo his phone number and then they will text him if his password is being changed. He'll input the code and then the password gets changed. This prohibits someone from changing the password unless they steal his phone first.
Richard is having trouble linking Windows Live Mail and Gmail. What gives? Leo says to make sure that IMAP is turned on. Then, if he has two factor authentication turned on, he'll have to use the app specific password for his gmail account. Also make sure SSL is checked on the incoming and outgoing servers for Google. It's likely that an app specific password is required.
The 'Heartbleed' bug that has affected most of the internet's popular websites has exposed usernames and passwords along with other secure certificate data. Even after a site has fixed this bug, it's still essential for everyone to change their passwords because the data could have been intercepted before the site was patched. This is a great opportunity to create more secure passwords, and to start using a password vault like LastPass.
Taylor is moving from an iPhone to a Samsung Galaxy S4. He has two factor authentication set up on his current phone, and is wondering if there's an easier way to transfer it all to the new phone.