I recently started a new job, and my wife hates me for it. Ok wait, let me explain. A little background:
I’ve served in various network engineer roles for the past 10 years - doing Microsoft/Cisco/Dell/VMware infrastructure installs and upgrades. But recently I’ve shifted gears a bit into a job that’s all about information security, and helping others develop information security practices and programs. Even though I’m only a few weeks into the job, I’m starting to implement stronger security in my own computing practices so I can “learn by doing” and help others too.
And this is the part where my wife wants to kill me. Because instead of nice short, easy-to-remember passwords on the services we use as a family, I’ve changed them all to 25+ character monstrosities with a mix of upper/lowercase characters, numbers and symbols. Ever tried entering a 25-character password via the sluggish Apple TV remote? Yeah, it’s not fun.
Bottom line: when all that stands between my wife and the latest episode of Downton Abbey are my security practices, I risk sleeping on the couch.
Lately I’ve been seeing a lot of my friends report hacked Facebook and Hotmail accounts, so I’m encouraging them to take advantage of some simple security measures to reduce the likelihood of that happening (again).
Almost all the big cloud services offer two-factor authentication, which combines something you know (like a password) with something you have, like a text message sent to your phone or a security token. This strengthens your account security by adding an electronic roadblock that still stands if your password is compromised.
Here are some “how to” links for turning on two-factor authentication at some popular online services:
Microsoft - http://blogs.technet.com/b/microsoft_blog/archive/2013/04/17/microsoft-account-gets-more-secure.aspx (they just turned on two-factor over the last few days).
Looks like Evernote and Twitter will be getting on board soon as well, I hope!
Don’t forget that two-factor authentication doesn’t lessen the need for using good, long, strong passwords across your accounts, and using different passwords for each account. I personally like using password management tools like LastPass or 1Password so I don’t have to try and remember them all :-)