At some point in your online life, someone is going to try to hack an account you have for one reason or another. It will undoubtedly be some malicious program, or person, who could have obtained your username and/or password through some nefarious way. The moment this happens, you have to lock down your accounts. Chances are also that you use the same password across multiple accounts to login, which isn’t the best practice, but in reality, everyone does it.
Assuming this is the case, changing your password only may not be the best option. If a hacker or hacker’s program has gotten access to one of your online accounts, they more than likely will have access to the rest of them too. In addition, changing your password only may not work because they could easily be monitoring your email address, so when the password is changed, they will know and may be able to intercept it.
So what’s a person to do? Simple. Set up 2-Step Login verification on your accounts. It’s easy to do, and only takes a few moments to setup. If the hacker has your password, it’s meaningless to them when you have 2-Step Login verification in place. Ideally, the setup of 2-Step Login verification would be done prior to ever being hacked, to avoid it all-together.
2-Step Login verification uses your mobile device to authenticate who you are. This works because only you have access to your mobile device, as it’s a physical tangible thing that have in your possession. In addition to your regular login, this makes hacking your accounts near impossible. To add additional security, pass codes used in 2-Step Login verification are only valid for about 30 seconds after being sent by text.
The basic concept is that when you login to an account with your regular username and password, you will then be sent a pass code via text message to your mobile device. You will then enter in that code when you login, authenticating who you are by your regular login, and the pass code sent to you. This only needs to happen once per computer, every 30 days. You can set your computer to a “trusted” computer, to avoid having to enter in this pass code every time you login which is a nice feature. So if a hacker in another country tries to enter in your login information, they won’t be able to because they won’t have the pass code that was sent to your mobile device by text.
How to set up 2-Step Login verification for Google:
First, you will need to go to the Google Setup page and click Start Setup. Enter in your mobile phone number and click Send Code. From here on out, it should be self-explanatory. Google will send you the code, you enter it and click “trust this computer” so that anytime you login to your Google account from this account for the next 30 days, it’s trusted and only accessible by you. This protects you on all your Google accounts (Google+, Gmail, YouTube, etc). You can do this for multiple computers too (let’s say you login from home, work, and your phone).
How to set up 2-Step Login verification for Facebook:
Facebook works just like Google. After logging into Facebook, go to your Account Settings Security Tab, and click on Login Approvals. The process is almost identical as Google, where you will need to send a code to your mobile device, enter it into Facebook, and you will be protected. Make sure to mark your computer as trusted, so you don’t have to enter the code every time you login to Facebook. This also can be done on multiple computers.
How to set up 2-Step login verification for Twitter:
The setup for Twitter is just like Google and Facebook. After logging into Twitter, go to the Twitter mobile device setting page. You will need to enter in your mobile phone number, and again, get the pass code sent by text to you and enter it in to authenticate. Unfortunately with Twitter, the behavior when you login is not like Google and Facebook.
Twitter actually requires a pass code every time you login – there is no “trusted” computer option with Twitter. I would say this is a huge disadvantage which I bet will dissuade some users from not using 2-step authentication process, which is not good. If you think your account has been compromised recently, I would turn it on anyways and just deal with it for a period of time until you are able to lock down all your accounts. Hopefully in the future, Twitter will adopt the same options that Google and Facebook have to trust your computer.
If you have any questions on how to set this up on your accounts, leave me a comment below!