Why This Gmail User Switched to 2-Step Authentication And You Should Too

A few weeks ago, I took the plunge and switched on Google’s 2-Step Verification (its name for two-factor login) for increased security, and after reading a horrifying article in The Atlantic about a user’s Gmail getting hacked and all of their email deleted, I’m glad that I did. From the article in The Atlantic:

At Google I asked Bryant Gehring, of Gmail’s consumer-operations team, how often attacks occur. “Probably in the low thousands,” he said. “Per month?” I asked. “No, per day,” followed by the reassurance that most were short-lived “hijackings,” used to send spam and phishing messages, and caused little or no damage, unlike our full-out attack. My wife and I, having heard from half a dozen friends who’d recently had similar problems, had innocently imagined that we all were part of some general upsurge in Gmail attacks. In our grandiosity, we thought it was perhaps even aimed at journalists. But according to the experts, while there are more e‑mail attacks worldwide than a year ago, it was mere coincidence that people we knew had been hit around the same time. On average, half a dozen accounts are taken over every two or three minutes, round the clock, including now.

I often say that Google owns my online soul because it’s true. I switched to Gmail years ago and since then I’ve adopted a huge number of Google services to manage my online life: Google Docs, Google Checkout, Google Calendar, Google Analytics for checking my website traffic. My Google account contains tons of crucial data. And while I’ve gotten much better about performing automatic backups of my local data, I’ve not been nearly as good about keeping track of my data in the cloud, and despite knowing better, I’ve been somewhat lazy about my passwords, too.

I haven’t had any catastrophic hacks or data loss events recently, but in general, 2011 has been a year of re-thinking my use of the cloud and third-party services, and as part of that I’m also trying to improve my overall “data hygiene” by making backups of cloud-based services and improving my password security around the web. It’s a tedious job and I can’t say it’s been easy. Some friends have suggested password managers like KeePass, but I’m still wary and haven’t made that jump yet. Instead I’ve just tried to do some simple but smarter things: not re-using the same password everywhere, and making the passwords I do use longer and more complex, with special characters and not just numbers, and spaces if a site allows them.

All of these things are helping me feel a little less vulnerable overall, and I definitely feel that the switch to Google 2-Step Verification was a good move even if it’s been slightly inconvenient a time or two. When I think about how much data is tied to my Google account and how reliant I am on that access to do my day-to-day work, a little inconvenience is a small price to pay for the additional security.

If you don’t know what two-factor authentication is, check out Google’s explanation and overview, but basically: I can’t log into my Google account from a new computer unless I can also enter the verification code that is sent to my cell phone (Google delivers it by text message or voice call, or the Google Authenticator app generates it on the phone itself). I have some backup phone numbers available in case I’m somewhere without cell phone service, and a list of single-use backup codes written old skool style on paper in case I don’t even have that. But generally speaking, this means some random dude from Nigeria cannot log into my account with just my password; he’d also need my cell phone (or that sheet of paper, which is why it stays somewhere safe).

If you use Gmail or other Google services, you should switch on 2-Step Verification as soon as possible.

Again from the same Atlantic article:

WHAT ABOUT THE rest of us, who are not security professionals? I asked that of every person I interviewed. Many of their recommendations boiled down to the hope that people would think more about their life online. “We’d like people to view their information life the way they view other parts of their life,” Andrew Kovacs of Google said. “It’s a good practice to review your financial situation every so often, and it’s a good practice to review your passwords and online-account information too.” Another official compared “cloud hygiene” to personal hygiene: you feel bad if you don’t brush your teeth or take a shower, and you should learn to feel bad if you’re taking risks online.

I’ve been feeling bad about the risks I’ve taken online and every step I take to get a little more security helps.  Hope you take those steps too because none of us wants to be the woman in that story.


One comment

  1. I use KeePass Portable (Windows) on a thumb drive, KeePassX on my Mac, & KeePass for Android on my phone. They all read the same database format, which is very nice. Keeping the 2 computers “in sync” is as simple as keeping the encrypted database on a thumb drive. If there are major updates I can just copy that to my phone’s SD card/internal memory, although that is usually behind my primary database.
    I have some passwords that I have NO idea what they are. 30+ characters of random letters. I have to open KeePass to log into those sites. Somewhat inconvenient, but at least it’s secure.