Do you want the reassurance of knowing your Google account is properly secured? Have you had your Google account compromised before and never want to have to go through that mess again?
Previously we have written articles on important steps for all Google users (this means anyone that has a Gmail or GSuite account). Here are the most important ones:
If you don’t have 2FA (two factor authentication) enabled yet, you should probably do that first and then come back and read on. Sadly, only 10% of Google users have enabled 2FA although it has been available for over 7 years and is dead simple to use. Don’t be in that 10%!
Google has recently released an even stronger form of authentication utilizing a physical device instead of a 2 factor code you receive via SMS or an app on your device. This may not be for everyone, but if you want the strongest protection for your Google account make sure you read all about it on their site here: Google Advanced Protection Program
So in review, if you don’t have 2FA enabled yet, you should that now. If you want even stronger protection, maybe this new Google device is for you.
Don’t wait until it’s too late before securing your online accounts.
XYZulu take security very seriously and we want you to do same. We are pleased to announce that 2 factor authentication (2FA) is now available to all our valued clients.
To activate two factor authentication, please visit our support article: Enabling two factor authentication (2FA) for your XYZulu Customer Portal login
What is 2FA?
Please read this post: Why do I need 2FA?
Another security essential is using a password manager. Please be sure to read this post: Overwhelmed with passwords?
Let us help you to stay safe online!
Almost every week a new item hits the news about compromised computer systems and stolen passwords. Do you know that passwords are actually sold on the black market for real money? Why? Because compromised passwords can, and are, being used to steal real money from internet users.
compromised passwords are being used to steal real money
Here is just one recent news item: Millions of stolen passwords and email addresses sold online
Are you at risk?
Yes, if you fit into any of these 3 categories:
- You use the same password on more than one website
- You don’t use a password manager
- You don’t have 2FA (two factor authentication) enabled
Lastpass has outlined more details on why passwords matter, and what you can do to protect yourself. Please read this important article here: The 411 on the Password Black Market
Another sobering reminder about why you should never use the same password on more than one website is explained in this video: Password Cracking
How CAN I protect MYSELF?
At the very least:
- Never use the same password on more than one website
- Use a password manager so that you are not overwhelmed with passwords
- Enable 2FA (two factor authentication) on any accounts of yours that support it
Does you or your business need further help on your IT security? Contact us for more information on the consulting services we offer. If you have any questions regarding this article, please let us know below.
Instead of typing your password each time you sign in to your Google Account, you can have a prompt sent to your phone.
Security is important, but constantly having to type your password and enter your 2FA (you know, those codes that change every 30 mins) code can be tedious. You already have 2FA enabled I’m sure, but what about this new feature released by Google today? How does this work? Is it secure? How do you enable it?
How does it work?
You simply tap the notification on your phone from Google to confirm, and you’ll be signed in quickly and securely. If your phone isn’t nearby, you can select “Use your password instead” on the sign-in screen.
Is it secure?
Yes. It’s a second factor authentication. Google knows if you are logged in using your phone, and this only works with phones that have either a passcode or fingerprint lock enabled.
I want it, how do I make it happen?
Simply follow the steps in the Google guide: Sign in with your phone instead of a password You will need to ensure you have the “Google Search” app installed, however most of you will already have that installed on your Android or iPhone.
Another simple guide from Google is here: New settings for 2-Step Verification
It is a secure two factor authentication process
Do it! Let us know how you go or if you have any questions.
Sounds geeky, but this is serious. If you have not heard about 2 FA or two factor authentication it means you are not yet using it. Are you using a password manager yet? As well as a password manager you need to be using 2FA on any websites that offer it. Especially your main Google/Yahoo/Facebook should have 2FA enabled for your own protection.
So what is 2FA and how does it work to protect you?
When logging in to an account with 2FA enabled you need a password and a one off code that is sent to you via SMS or generated by an app you have. It’s something you know (your password) plus something you have (your device that receives the SMS or generates the code). If someone was able to login to your email account, for example, imagine the damage they could do. They can probably even reset your banking login and empty your bank account. Enabling 2 factor authentication means even if your password was stolen from another site you use it on, a malicious user will still not able to login to your account. Not just a handy feature, an essential feature you should enable. Google have a nice page that explains more here: 2 Step authentication – how it works and 2 Step authentication – why you need it
How hard is it to enable?
It’s very simple. Just select the 2FA or 2 step authentication option in your account settings. If you are not sure where to find this option, please let us know in the comments below and we will help you out. Once enabled, you will have taken a big step forward to ensure that you are protecting access to your online information, including your banking details.
What about an app to manage all your 2FA codes?
While many 2FA codes are sent out via SMS, you can usually select to receive your codes via an app. Authy is our pick. It makes managing all your 2FA codes even on multiple devices simple. Another option is Google Authenticator.
Oh, and LastPass (password manager) allows you to use 2FA as well, offering you that extra layer of protection your many passwords need. Have a look at how simply their own 2FA (authenticator app) works, see: lastpass.com/auth/. We have an article on Lastpass that you should also read, see: Overwhelmed with passwords?
So, in summary, please use a password manager and enable 2FA on any sites that offer it. 2FA is easy to use now, and makes it highly unlikely someone will be able to login to your accounts if enabled.
Please leave a question or comment, we’re happy to help you improve your security.