Protecting Against Data Breaches Is as Easy as 1 - 2
There are ways you can protect yourself or your company from a data breach. Don’t assume this is an insurmountable task just because so many “big” outfits get slammed with data breaches. Though it’s been said that, sooner or later, an enterprise will get hacked, the truth is many will never get hacked, and for good reason.
- Every important account should have two-factor authentication. The two-factor protection eliminates the issue of exposed passwords that are a common thread running rampant through many of the latest data breaches. Once a crook has your password, and that’s the only requirement for accessing an account, you’re screwed.
- With two-factor authentication, the user must first enter the password. However, the second step requires knowing a unique code that’s sent to the legitimate user’s smartphone. How will a hacker get this information? This code also changes every time the user logs in. No way a hacker can possibly know the code.
- Two-factor verification has different kinds of setups for the major platforms, and they are as follows:
Facebook. It’s called “Login Approvals”. At the top and to the right is a blue menu bar. An arrow faces down; click it to pull up a menu. Go to Settings. A gold badge is to the left. Next to this is “security.” Click that. To the right you’ll see Login Approvals and a box, “Require a security code.” Check this, then follow instructions. Facebook’s Code Generator may require a person to use the Facebook mobile application on their iOS or Android to retrieve the code. Or, a text will be sent.
Google. Visit google.com/2step where you’ll see a blue “get started” button in the upper right. Click it and follow the instructions. You can opt for a phone call or text of the code, and this also sets you up for YouTube and other Google services.
Twitter. It’s called “Login Verification”. Go to this site and click the gear icon you’ll see in the upper right. To the left is Security and Privacy; click this. You’ll notice Login Verification under Security. You’ll choose how to receive the code, and then after that point, follow the remaining prompts.
PayPal. Its called “Security Key”. Hit Security and Protection on their site on the upper right. Next is the PayPal Security Key on the bottom left. Click “Go to register your mobile phone.” Then on the next page put in your phone number and you’ll get a text of the code.
Yahoo. It’s called “Two-step Verification”. Hover over your avatar. This will bring up a drop-down menu. Hit Account Settings and then Account Info. Next, scroll to Sign-In and Security. You’ll see a link called “Set up your second sign-in verification.” Click. After entering your phone number you’ll get a texted code. If you don’t have a phone, Yahoo will send you some security questions.
Microsoft. It’s called “Two-step Verification” Go to login.live.com. On the left you’ll see a link. This link goes to Security Info. Click that. On the right is a link, Set Up Two-Step Verification. Click that and then go to Next. Follow the prompts.
Apple. It’s called Two-Step Verification”. Go to applied.apple.com. On the right is a blue box, Manage Your Apple ID. Hit that and then log in with your Apple ID. To the left is a link to click, called Passwords and Security. You’ll need to answer two security questions to bring up the Manage Your Security Settings section. You’ll see under that a link, Get Started. Click it. Type in your phone number and you’ll get a texted code. Another option if your phone isn’t handy is a “recovery key” unique password; you can set this up.
LinkedIn. It’s called “Two-Step Verification”. On their site, hover over your avatar. This will trigger a drop-down menu. Here, click Privacy and Settings. At the bottom is Account. Click that and you’ll see Security Settings to the right. After clicking that you’ll see Two-Step Verification for Sign-In. Click Turn On, then put in your phone number to get your code.
- Your smartphone needs to have unlimited text messaging capability. The last thing you want is to be waiting for the code and it doesn’t come.
- What if an account doesn’t have two-step authentication? Look over the site and see if there’s something else that you can add to the password login. This might be a phone call where a voice gives a code. It could be an e-mail message that sends a code.
The messages that you get that provides the unique code are supposed to provide only the code. They are not supposed to request other account information. If one does, it’s a scam.
Robert Siciliano, CEO of IDTheftSecurity.com, is committed to informing, educating and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.