Simple Security Improvements with Your Mobile Device

Two, 2-minute security improvements to secure your account

My inbox receives between 100 and 200 work emails daily – so far, as of writing this at 4:11pm, I’m up to 155. I won’t share my personal email stats – it usually creates panic attacks for my auto-tagging, auto-sorting colleagues who make an empty inbox a daily goal (haven’t they ever heard of search?! LOL).

Given the daily deluge, the juxtaposition between these two emails that both came in at 2:04pm this afternoon struck that cynically ironic chord that kicks in around mid-afternoon:

Subject #1: CNN – Hack raises concern about cloud storage
Subject #2: Data Breaches May Be on the Decline – Health IT Weekly Digest – August 8, 2012

The first told the particularly insidious goal of scaring the bejeebers out of what can happen if someone manages to get that first login credential and proceeds to annihilate all related, links accounts and precious cloud storage (pics, emails, tweets … you get it).

Now, while I sincerely hope that the second email ends up being the true predictor of improved online security, I think the ever-increasing security entry points that mobile phones present to secure information (your files, payment info, medical info, family info), will make data breaches ongoing fodder for the headlines.

In the interest of not wanting to be a statistic, I set aside the procrastination for about five minutes .. just long enough to make an easy, but significant change to my personal email account – in this case, Gmail. I change my work login with incredible regularity, because otherwise I’ll be automatically locked out. But, having no such regulation applied to my personal account, it lapses into the complacent continuity of login credentials. Resemble that? Here are two very quick ways to significantly improve the security of your login credentials.

1. Make your password longer. A LOT longer. Think this means you’ll NEVER remember it? Actually, you may find it easier to remember. Choose a group of words that have meaning to you personally – maybe the name of your aunts all strung together. Or maybe the names of your dad’s cats. The main thing is, make your password as long as possible. Throw in a few uppercase letters and a symbol for accent, and poof! – an instant, exponential increase in the security of your password. Why? Because each additional character you add multiplies the number of possible permutations of your password.
2. If you have Gmail, or an email account that supports two-factor authentication – use it! It’s super easy to set up. I’ll show you how I did it in Gmail – it only took me 2 minutes. Our entire company uses two-factor authentication to connect to our private domain, and so far, no one has suffered untoward consequences. All you need is your phone.

• First, with your phone close by, login into your Google account and go to www.google.com/settings
• Next, look for the “Security” option on the left side under “Accounts” (see below) and click it.

• Now, look for “2-step verification” and change the Status to ON.

Google will ask you to confirm your phone number, and text or call you with a short code. Use this code to confirm your two-factor login settings.

You have the option of remembering your personal or work computer so you won’t have to use your mobile phone every time you login to your day-to-day machines. But if you login from a different computer, or someone else tries to, it will require a passcode from your phone. If an impersonator does not have your phone, they will be out of luck!

Note that I have had one instance in the last few months where my phone was not available to me, and it was a few hours of not being able to access my work domain. For your personal Gmail account, you have the option to prepare 10 backup passcodes in the event that you and your phone become separated.

Have your Gmail account connected to your phone or other accounts? Then you will need to step through the additional process of setting up unique, one-time passcodes for those accounts. Again, it took about a minute.

That’s it. You’ve just saved yourself from the fate of poor Mat Honan, the Wired technology journalist who suffered dire consequences from having his account compromised.

Now take the next step toward security and set up two-factor for your accounts!

Interested in reading more about security? Read our PCI Compliant Data Centers white paper.