Wednesday, July 5, 2017

How to secure your Google (or GMail) account using two-factor authentication

A few days ago, my cousin had her Gmail account hacked. The hacker immediately changed her password, recovery questions and mobile number.
She therefore had to fill in this form (https://www.google.com/accounts/recovery/) and wait for Google's support.

The hacker checked her public data on Facebook, read her mails and sent messages to all her contacts asking for financial help.

How could the hacker find her password?
The password was probably too weak, or she might have used the same password on another website that had itself been hacked.

How to secure my Google account?

  • Use a strong password:
    I recommend using at least 8 characters, with lowercase (abc) and uppercase (ABC) letters, one number (123) and one special character (/*!-@...).
  • Use a different password on every website or application:
    I know, this might seem difficult, but you could use KeePass to help you, or for example use the same base password with the first 3 letters changing depending on the website's first letters.
  • Use two-factor authentication.

What is two-factor authentication?

Two-factor authentication (also known as 2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication.
A good example from everyday life is the withdrawing of money from a cash machine; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out. (source: Wikipedia)
In the case of Google, you will log in as usual, but a second step will be necessary to validate your identity. This second step will require your smartphone: you will need to type a code displayed on your mobile, which changes every few seconds, or to validate by clicking "Yes" on your mobile.
This means that even if someone knows your password, they will not be able to log in without access to your mobile. Nice, isn't it?
Don't worry, you will still be able to recover your access if you lose your mobile, by using other validation methods.

How to enable two-factor (2-step) authentication for my Google account?

  1. Go to the 2-Step Verification page. You might have to sign in to your Google Account.
  2. Select Get started.
  3. Follow the step-by-step setup process.
  4. Once you're finished, you'll be taken to the 2-Step Verification settings page. Review your settings and add backup phone numbers. The next time you sign in, you'll receive a text message with a verification code. You also have the option of using a Security Key for 2-Step Verification.
