Two step authentication for dummies using Facebook

Two step authentication is not the stuff of science fiction

Two step authentication/verification is a security method where access to an account is granted only after two or more authentication factors/information are provided. Our common understanding of securing access to an account is setting up a username and password. Most people consider the username and password to be two factors for authentication and feel that is enough to provide proper security. This understanding is wrong. Both your username and password are the same kind of authentication factor (Knowledge: something you know). The other two commonly used authentication factors are:

i. Possession (something you have): an example of this is a hard token/secure ID.
ii. Inherence (something the user is): an example of this is a biometric scan like a fingerprint or retina scan.

Two step authentication/verification utilizes a combination of two or more of the three authentication factors mentioned above.

Most people have heard of these authentication factors, but very few of them actually use them for their own security. This is mainly because most people think adding a second authentication factor is too expensive: I have to buy a secure ID? Or I have to buy a retina scanner??? Some people feel that these types of authentication/verification processes are reserved for the 007s of the world or for Fortune 500 executives.

I hope to shatter that mentality in this series of posts and show you how to add two step authentication/verification to many of the popular web services that we use. I will start with social media services, as they are the most widely used and the least secured by their users.

Facebook

Every day, our lives are getting more and more integrated into social media, slowly blurring the line between the virtual world and the real world. Gone are the days when we clearly understood the distinction between our online presence and our physical presence in reality.

Today, so much of our lives are started, developed and ended in social media. People have started and/or nurtured real and meaningful relationships through social media and careers have been launched and destroyed through social media too. 

Today, more than ever, vulnerabilities in our social media presence affect us in very real ways. How many of you have had your Facebook account hacked? Your private messages posted for everyone to see and your pictures published on random walls for the world to see? People have taken their own lives due to the humiliation they encountered in social media after an account was hacked. Having a hacked Facebook account is not only about social humiliation; it can have a real and lasting financial impact too.

People today are so eager to share their lives with the world through social media. We have seen people share information about their lives that used to be shared only among very close friends. The information we store and share through these social media services is not always only the mundane (i.e. selfies and cat photos). Access to our email and phonebook might sound trivial but could be vital to a fraudster, considering that social media accounts also store information like your age, phone number, address and, yes, credit card information too (for in-app purchases and premium features).

Very few people are aware of the financial implications of getting their social media accounts hacked. Most people think that their Facebook account only holds cluttered information that has no real financial value. Most people still feel that their social media life and information are completely detached from their real lives. This kind of mentality is the key vulnerability that fraudsters are feeding on. This mentality is the reason why so few people are concerned about securing their social media accounts.

How many times have you used a public computer, launched a web browser, typed in www.facebook.com and, voila, it auto-loads/logs in to somebody's Facebook page? How many of you have allowed your browser to remember your password? These are very common mistakes that can have very serious consequences. So, let's say you do not do any of these and that you have set a super complicated password like rQ40Tl#1fW. Does this mean you are super secure? The answer is "maybe". Having a super complicated password for your Facebook account is cool, but it is still weak in the sense that you are granting access to your account using only one authentication step.

The password has been the most common method of securing our online accounts, and for years it has been easily bypassed and proven insufficient. Now, since most of us do not have the memory to memorize passwords like "rQ40Tl#1fW", we have to settle for something simpler and more secure: 2 step authentication.

The steps

So, how do you enable two-step authentication on your Facebook account? Follow the steps below:

Step 1 - Go to your Facebook "Privacy Settings" and click on "Security" from the left tab.
Step 2 - Once in the Security options of your Privacy Settings, click on the "Edit" button for "Login Approvals".
Step 3 - You will then be presented with a screen explaining how the added security feature works. Click on "Get Started".
Step 4 - Enter a nickname you would like to assign to the browser you are currently using to access Facebook. (This works as an extra layer of authentication by itself.)
Step 5 - You will then be presented with a box explaining how the Security Code Delivery works. Click "Continue". Note: The default code delivery is through a Code Generator directly from the Facebook mobile app. If that is not available, you will receive the code through an SMS.
Step 6 - Select your country and your phone number. Click "Continue".
Step 7 - You will then be presented with a box explaining that the added authentication options will not be enabled for another week. If you want to enable it right away, click on the check box that says: "No thanks, require a code right away."
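
What the server checks once a second step is switched on, as an added example that is not from the original post or from Facebook. It assumes the code generator produces a standard time-based one-time password (TOTP, RFC 6238), which the post does not state; the account data, salt and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample account: a salted password hash (knowledge factor) and a
# secret shared with the user's phone app (possession factor).
SALT = b"constructed-salt"
ACCOUNT = {
    "password_hash": hashlib.pbkdf2_hmac("sha256", b"rQ40Tl#1fW", SALT, 100_000),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret, not a real key
}

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code: HOTP (RFC 4226) computed over the current time step."""
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def check_password(password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.compare_digest(candidate, ACCOUNT["password_hash"])

def check_code(code: str, now: int, drift_steps: int = 1) -> bool:
    """Accept the current step or one step either side to allow for clock drift."""
    return any(
        hmac.compare_digest(code.encode(),
                            totp(ACCOUNT["totp_secret"], now + d * 30).encode())
        for d in range(-drift_steps, drift_steps + 1)
    )

def login(password: str, code, now: int) -> str:
    # Step one: something you know. A correct password alone is not enough.
    if not check_password(password):
        return "denied: wrong password"
    # Step two: something you have, proven by a code only the phone can compute.
    if code is None:
        return "denied: second step required"
    if not check_code(code, now):
        return "denied: wrong or expired code"
    return "granted"

if __name__ == "__main__":
    print(login("rQ40Tl#1fW", None, 59))      # stolen password, no phone
    print(login("rQ40Tl#1fW", "287082", 59))  # password plus current code
    print(login("rQ40Tl#1fW", "287082", 200)) # same code replayed later
```

A password captured on a public computer fails at the second step, and a code that was seen once stops working after its time window passes.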




