Strong Passwords and Two Factor Authentication on Social Media
This brief post is in response to a Facebook conversation I saw regarding local community leaders and public figures having problems with attempts to access their social media accounts.
I’d like to recommend two steps:
- Use strong passwords
- Switch on two factor authentication
Go to https://www.grc.com/ppp.HTM which is Steve Gibson’s Perfect Paper Passwords. Make sure you set the length of the password/pass-code you need – the default is 4; you should use 10-12 (or more).
This will give you three pages of passwords you can use for all your accounts. Cross them off the list as you use them. Use a different password for each account.
This avoids people inadvertently using patterns or reusing passwords. You must use a different password for each account, to protect yourself if a service provider has a security breach and hasn’t encrypted passwords. You don’t want one breach providing the keys to all your online services.
Two Factor Authentication
Two factor authentication involves adding another factor, as well as your password, when logging on to a service. This can be a code sent via text message that is only good for a few minutes, a fingerprint or a retina scan. At the current time the text message to your mobile is the most common approach. You then enter the code you have been sent. The code expires after a few minutes – so it is a one time code good for one use only.
For those of you with historical leanings, one time codes date back to World War Two where flammable one time pads were used to co-ordinate forward air support.
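How a service can enforce the "good for a few minutes, one use only" behaviour described above, as an added example that is not part of the original post. The five-minute lifetime, six-digit code, guess limit and all names used here are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumption: "a few minutes" taken as five minutes
MAX_ATTEMPTS = 5        # assumption: guess limit, not stated in the post


class OneTimeCodeStore:
    """Issues and checks short-lived, single-use login codes (in memory)."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._pending = {}    # account -> [code, expires_at, attempts_left]

    def issue(self, account):
        """Create a fresh 6-digit code; it replaces any older pending code."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # a real service would text this to the user's phone

    def verify(self, account, submitted):
        """Return True only once, for the right code, inside its lifetime."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account]  # expired, or too many wrong guesses
            return False
        entry[2] -= 1
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[account]  # one use only: the code is now spent
            return True
        return False


def demo():
    """Constructed account: a valid login, a replayed code, an expired code."""
    now = [1000.0]
    store = OneTimeCodeStore(clock=lambda: now[0])
    code = store.issue("alice@example.org")
    first = store.verify("alice@example.org", code)    # correct and in time
    replay = store.verify("alice@example.org", code)   # same code used again
    late_code = store.issue("alice@example.org")
    now[0] += CODE_TTL_SECONDS + 1                     # let the code expire
    late = store.verify("alice@example.org", late_code)
    return first, replay, late
```

The second and third checks fail even though the submitted code is the right one, which is why a code glimpsed or intercepted after use, or after the time limit, is of no value.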
To enable two factor authentication in your social media services, look for the settings option in your social media service. Then look for security settings. You are looking for the option where you are sent a code on your mobile phone when logging on (or in some cases when logging on from a device other than your main device). It could be listed as login verification or authentication. You will then be taken through a test process that will text you a code and validate it.
Google+, LinkedIn, Twitter and Facebook all have options for two factor authentication. Your service may also have options to let you know about log in attempts from unknown devices.
If you are feeling insecure, check https://haveibeenpwned.com/ to see if your accounts may have been exposed in data breaches – use the email addresses you use with your online accounts.