We have seen many attacks on user account information in the past years. These kind of attacks have increased as the Internet moved forward to become everyone’s favorite pasttime, and even more than that. Attackers are still making use of phishing attacks, mostly by sending out mass mails, to steal login, financial and identity related information. A second group has moved on though and started to hack the servers and websites directly to download their databases.
With part of the user base selecting weak passwords, it is easy to parse through the database to get a list of working passwords in record time.
Good security begins with a strong password. Opinions differ a lot when it comes to the definition of strong. Most agree that users should not pick dictionary words (like apple), first or last names, teams, brands or other words that may make their way on a word list. If you are asking me, I’d say your password should at least have 12 characters, and if possible at least one upper char, one lower char, one number and one special char. Tgo5ggg3dc_rr4 would be a strong password.
Strong passwords are just the beginning though. Some websites for instance may save your password in plain text. It is a security taboo, as it provides attackers who download the site’s database with all the information they need to wreak maximum havoc on the site and its users.
That’s one of the reasons why 2-factor authentication is so important. This basically adds another log in layer to the login process. Facebook and Google make use of 2-factor authentication.
With 2-factor authentication enabled, you will receive a code on your mobile phone or device that you need to enter to complete the login process. An attacker who managed to steal your username and password, for instance with a keylogger, would not be able to log in to the site if the additional authentication step had been enabled previously.
Google users can enable 2-step verification in their Google account. This link opens the Account Settings page on the Google website
You need to click on the edit link next to 2-step verification to configure the security layer. Please note that you need to enter a mobile phone number during setup. This is the number that Google will send the codes to whenever they are needed.
I suggest you open the official announcement post over at the official Google blog site to read up on the instructions.
Facebook’s 2-factor authentication system works slightly different than Google’s. It only asks for a code if a user tries to log in from a new device. It is still important to activate it to improve the account security.
You can configure the feature here on Facebook’s Security Settings page.
Please note that you need to have a mobile phone number configured in your account to complete the setup.