Even if you’re not a celebrity you may be concerned about the news that the photos of famous folks were obtained by hackers who then published them for the world to see. When we store files in the Cloud, we rely on the security of our passwords for protection. Sometimes that security isn’t enough but the good news is that you can add an extra layer of protection against hackers.
While we don’t know exactly how the photos were obtained, yesterday Apple said its investigations showed that iCloud was not hacked but that:
“certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions…To protect against this type of attack, we advise all users to always use a strong password and enable two-step verification. Both of these are addressed on our website at http://support.apple.com/kb/ht4232.”
You can protect yourself and prevent many of your accounts being accessed by others by using 2-Step Verification so that entering a password isn’t enough to gain access to your accounts. By using 2-Step Verification you’ll have an added layer of security to greatly reduce the chances that your accounts will be hacked.
Even after you take enable 2-Step Verification on your accounts, you should still protect your accounts with strong and unique passwords.
What Is 2-Step Verification
2-Step Verification, sometimes called 2-Factor Authentication, means that you have to take two steps to log into an account. You not only have to log in using your password but you have to take a second step to verify your identity. Often the two steps involve something you know, such as your password, and something you have, such as your cell phone.
To sign into an account using 2-Step Verification you log into your account using your user name and password, then you’ll get a notice that a passcode was sent to your cell phone. The passcode will be sent to you via text message to your cell phone so someone who has your user name and password can’t log into your account without it.
After you enable 2-Step Verification for an account, you’ll be required to enter that passcode when you log into your account on a new computer or mobile device. If you stay logged into your account or check “Remember This Device” then you’ll only have to use 2-Step Verification the first time you log in to your account on that device.
This video from Google explains how 2-Step Verification works:
What If You Don’t Have Access to Your Cell Phone?
Many services have alternate methods of verifying your identity in case you don’t have your phone, the battery is dead or you don’t have cell phone service. You may be able to enter a different code or generate a new code from a trusted device. Make sure to check the instructions when you enable 2-Step Verification for your account.
Here’s a video from Google showing what to do if you can’t use your cell phone but want to log into your Google account using 2-Step Verification:
Accounts that Offer 2-Step Verification
Google was the first service offering 2-Step Verification but many others have followed Google’s lead.
You can set up 2-Step Verification for the following services. Click on the links to begin the process to enable 2-Step Verification for your accounts:
☞ Also see, http://twofactorauth.org/ for a much longer list of websites that support 2-Step Verification.
Google Authenticator App
You can also use the Google Authenticator app to generate security codes for 2-Step Verification for Google and other services, such as Dropbox, Evernote and Facebook. After you enable 2-Step Verification for your accounts you link them to the Google Authenticator app to generate passcodes without a text message.
The Google Authenticator app is available free for:
One More Thing: 2-Step Verification Doesn’t Actually Work to Protect Photos in iCloud
If you’re a celebrity whose photos were stolen from iCloud and you didn’t have 2-Step Verification enabled for your Apple account, don’t feel bad. Well, okay, you can feel bad about the photos being stolen, but don’t blame yourself for not having your Apple account protected by 2-Step Verification.
According to Tech Crunch, enabling 2-Step Verification doesn’t protect many of iCloud’s services, in spite of Apple’s press release yesterday advising users to enable 2-Step Verification.
Apple’s 2-Step Verification only protects:
- Signing in to My Apple ID to manage your Apple account
- Making iTunes, App Store, or iBookstore purchases from a new device
- Receiving Apple ID-related support from Apple
Apple has scheduled a meeting on Tuesday of next week where it may announce the launch date for the anticipated expansion of iCloud services. At WWDC in June the company introduced us to HealthKit and HomeKit, which are due this fall and will allow us to access our health records and home information remotely.
Due to the Tech Crunch article and the impending expansion of iCloud services, I expect Apple to update 2-Step Verification to include iCloud services in the near future.
Do you use 2-Step Verification for extra security on your accounts? Do you think the added protection is worth the extra step to verify your identity? Have you ever had an account hacked? Let us know in the Comments section below!