January 4, 2013

Keeping data a bit more secure - 1Password & 2-Step Verification for Google account

Using the same password for multiple online services is probably one of the most common online sins. We do it because remembering tens or hundreds of unique, strong passwords is extremely burdensome. Unfortunately, sharing passwords between services makes you susceptible to cascading hacks when one service gets its unencrypted or weakly encrypted password database hacked.

There's likely no perfect way to protect against hacking (and I'm no security expert), but there are some relatively straightforward steps to take to protect passwords and data access. Some basic ones are: use a password/PIN to access your computer/phone, encrypt your hard drive, and use SSL when logging in to web services.

Last year I took two additional steps to beef up my online security by starting to use 1Password to generate and manage unique, strong passwords and adding 2-Step Verification to my Google Account.

Both are a little bit of a hassle, but personally I find the trade-off ok.

1Password is available for Windows, Mac, iOS and Android. For Windows and Macintosh it has browser plug-ins that make logging in to a web site quite effortless. It generates unique, long passwords, so if a hacker has your login and password for one service, he can't log in at other services with the same combination.

With Google's 2-Step Verification you have to enter a code in addition to your password the first time you log in to your account on a new device. The code is sent to your mobile or generated by an application called Google Authenticator (available for Android and iOS). For personal use, it mainly serves to make it more difficult to access your Gmail account even if your password has been hacked. With password recovery tied to your e-mail, protecting your e-mail account from being hacked is of special importance.

Taking these two steps should hopefully significantly decrease the risk of your accounts being accessed by hackers.

1 comment:

Antti Vilpponen said...

I've used 1Password for quite a while and really like it. I think the key to that is that whatever the password you use to access the app is, you never use that online - just to be extra safe (so even if someone hacks one of your services, it does not open the port to your other pwds).