Sunday, July 7, 2013

How to Turn on Two-Factor Authentication

Think about how much information about yourself you have saved in your email account. We sign up for bank accounts, buy things online, and communicate with others using our email addresses.

Is your password is strong enough to keep the bad guys out from grabbing all this sensitive information? I like to think mine is, but I also know that if someone really wants to, that person can use cracking tools and other tricks to break in.

With two-factor authentication, at least, the attackers need more than just my password to get in. Username and passwords are "what you know." Two-factor authentication requires something else, such as a mobile device, hardware token, or a smart card for "something you have." Biometric data, such as fingerprints, for "something you are," is also an option.

Basically, if the attacker tries to log in to your account with your password from an unknown device or browser, that person would also need your mobile device or your fingerprints to succeed.Google and Yahoo offer two-factor authentication for their web-based email services. If you use Yahoo Mail or Gmail, here is how to turn on this security feature.

If you have a Google account, then login to your account and click on your name in the upper right corner of the screen. In the resulting menu dropdown, you can click on Account to access the account settings page. Under Security, there is an option for two-step verification. Click on Edit to start the sign-up process.

You follow the step-by-step process to associate a mobile number to your account. Whenever someone logs into your account from an unknown browser or device, Google sends a challenge code via SMS message to your mobile device. Without that code, Google will block the login attempt. If you have an Android or iOS device, you can generate your own codes using the Google Authenticator app instead of waiting for the SMS message.

Speaking to The Associated Press ahead of the Global Intelligence Forum starting Monday in Ireland, Freeh said hackers seeking to take control of, or take down, key pieces of U.S. infrastructure could do more damage than the attackers of 9/11. He said computer systems controlling power plants, the navigation of aircraft and ships, and even the switching of street lights could be hijacked to gridlock societies and kill large groups of people.

"People traditionally think of this threat as somebody stealing their identity or their credit card number, or making it inconvenient to go to the ATM (cash machine). That's a very benign view of the potential for what cyber terrorism really is," Freeh said.

"You could manipulate transportation systems, aviation guidance systems, highway safety systems, maritime operations systems. You could shut down an energy system in the northeast U.S. in the middle of winter. The potential for mass destruction in terms of life and property is really only limited by (the attackers') access and success in penetrating and hijacking these networks," he said.

Freeh said people shouldn't be lulled into complacency just because hackers' attacks on government and business targets to date hadn't directly killed anybody.

"There's a lot of technology and a lot of ability out there, particularly with state actors," he said, referring to other governments' cyber-spying operations including in China, which U.S. authorities previously have blamed for stealing American corporate trade secrets. "We went through the Cold War without anybody using a nuclear bomb, but that didn't mean the capability and threat weren't there."

Freeh, 63, directed the Federal Bureau of Investigation from 1993 to 2001, leaving just before the al-Qaida attacks on the World Trade Center and Pentagon. In the years since he's become a top private investigator, most recently publishing the report into the cover-up of child abuse in the Penn State University football program. Last week he was appointed to oversee a probe into alleged corruption and malpractice in the payouts of billions in compensation from BP's 2010 oil spill in the Gulf of smart card.

He said his keynote speech Monday to an annual seminar organized by Mercyhurst University's Institute for Intelligence Studies would focus on how intelligence and law-enforcement agencies need to use the internet to identify threats — and keep their own secrets secure. The four-day conference brings together intelligence officials worldwide, with a focus this year on combating internet-based crime.

It takes place against the backdrop of continuing revelations from former U.S. National Security Agency analyst Edward Snowden, who is believed still to be holed up in Moscow's airport three weeks after the U.S. Justice Department charged him with espionage and theft of government property.

Freeh questioned Snowden's description as a whistleblower — and why the NSA ever gave Snowden such access to its secrets without effective supervision.

He said Snowden should "come to a forum or an arena where he can raise his whistleblower defense." He said the NSA, like other U.S. government agencies, has an internal reporting process for whistleblowers alleging wrongdoing but Snowden appears not to have used this.

"He's said publicly that he was witnessing and participating at least indirectly in what he thought was a mass violation of U.S. rights, constitutional rights, human rights, and so was forced to publicly disclose this. It's just not accurate. It's Hollywood-esque and may be romantic for somebody to think: My God, this guy had no choice. But the reality is he had plenty of options and choices," Freeh said.

Read the full story at http://www.smartcardfactory.com/!

No comments:

Post a Comment