GadgetGuru
V.I.P. Member
(Sorry if this doesn't belong here)
I just wanted to make a PSA to everybody about the importance of Two Factor Authentication. Two Factor Authentication is the practice of having two factors whenever you log in. One thing you know (a password) and one thing you have (a cell phone, USB Yubikey, one of those RSA keyfobs with the numbers that keep changing). This is important because a potential thief would need to know your password and physically steal something from you in order to access your online accounts.
Why am I talking about this? There's been a small string of Bitcoin robberies (Getting Hacked, Lessons Learned – AVC) where hackers have been able to steal a person's Bitcoins. This is the equivalent of somebody logging into your bank account and wiring all of your money away. It's absolutely terrifying.:jaw:
There's a couple takeaways from all of this:
1) Use a different password for everything. LastPass, 1Password can help immensely. Or, at the very least, use unique passwords for the important things. Email? Unique password. Bank? Unique password. IU account... Unique password (you can see where I have my priorities )
2) Turn on 2-factor authentication (2FA) with your cell phone for everything. This means when logging into a website, you type in your password, and then you type in a special code from your phone. Sometimes these codes are texted to you (that's not great, but sometimes necessary) and sometimes you have to use a special app like Google Authenticator (so much better). You can find instructions for many websites here: Two Factor Auth List
So, why am I talking about this to all of you? Because, one of the many reasons IU is awesome is that they support real 2FA! Serious props to IU for doing this (even if it was on accident).
How do you enable 2FA?
1) Just go to the "Your Account page" by clicking on your username in the upper right and then clicking on any of the boxes.
2) Click on Two-Step Verification on the left hand side of the screen.
3) Download the Google Authenticator app on your phone (iOS + Android).
4) Back on IU, click "Verification Code via App." Don't do Email confirmation. App based 2FA is by-far the most secure.
5) Follow the instructions. It'll involve using the Google Authenticator app to take a picture of a QR code, or typing a massively long string into the app. There's a verification process involved too, so you can't mess the process up and accidentally lock yourself out of your account.
Then, do this for every other site you have!
Just an additional note: This does mean that you'll need to open the Google Authenticator app every time you log into IU or other sites you've set this up. Logging in will take some extra time. And if your phone battery is dead, you're out of luck. I promise it's worth it to make you more secure. Every site you use should have this enabled.
Thanks for listening! If you have any questions, or are confused, let me know!
I just wanted to make a PSA to everybody about the importance of Two Factor Authentication. Two Factor Authentication is the practice of having two factors whenever you log in. One thing you know (a password) and one thing you have (a cell phone, USB Yubikey, one of those RSA keyfobs with the numbers that keep changing). This is important because a potential thief would need to know your password and physically steal something from you in order to access your online accounts.
Why am I talking about this? There's been a small string of Bitcoin robberies (Getting Hacked, Lessons Learned – AVC) where hackers have been able to steal a person's Bitcoins. This is the equivalent of somebody logging into your bank account and wiring all of your money away. It's absolutely terrifying.:jaw:
(Yes, I know that the article exposes some faults in some implementations of 2FA and can make you scared, but the takeaways are the important part. It's all about the small things you can do to help take you from being 10% secured to being 90% secured. Hackers go for the low hanging fruit. This is a tangentially related article, but it reminded me to double down on 2FA, which how I found out about IU's 2FA support.)
There's a couple takeaways from all of this:
1) Use a different password for everything. LastPass, 1Password can help immensely. Or, at the very least, use unique passwords for the important things. Email? Unique password. Bank? Unique password. IU account... Unique password (you can see where I have my priorities )
2) Turn on 2-factor authentication (2FA) with your cell phone for everything. This means when logging into a website, you type in your password, and then you type in a special code from your phone. Sometimes these codes are texted to you (that's not great, but sometimes necessary) and sometimes you have to use a special app like Google Authenticator (so much better). You can find instructions for many websites here: Two Factor Auth List
So, why am I talking about this to all of you? Because, one of the many reasons IU is awesome is that they support real 2FA! Serious props to IU for doing this (even if it was on accident).
How do you enable 2FA?
1) Just go to the "Your Account page" by clicking on your username in the upper right and then clicking on any of the boxes.
2) Click on Two-Step Verification on the left hand side of the screen.
3) Download the Google Authenticator app on your phone (iOS + Android).
4) Back on IU, click "Verification Code via App." Don't do Email confirmation. App based 2FA is by-far the most secure.
5) Follow the instructions. It'll involve using the Google Authenticator app to take a picture of a QR code, or typing a massively long string into the app. There's a verification process involved too, so you can't mess the process up and accidentally lock yourself out of your account.
Then, do this for every other site you have!
Just an additional note: This does mean that you'll need to open the Google Authenticator app every time you log into IU or other sites you've set this up. Logging in will take some extra time. And if your phone battery is dead, you're out of luck. I promise it's worth it to make you more secure. Every site you use should have this enabled.
Thanks for listening! If you have any questions, or are confused, let me know!
Last edited: