Wednesday, September 3, 2014

How two-step logins protect iCloud, other accounts

http://www.usatoday.com/story/tech/personal/2014/09/02/two-factor-authentication/14954565/

A massive photo leak targeting celebrities including Jennifer Lawrence, Kate Upton and Kirsten Dunst has raised concerns over the safety of using services such as Apple's iCloud.
Reports suggest hackers used "brute force" attacks through Apple's Find My Phone feature to figure out account passwords and gain access. Apple tells the Associated Press it is investigating whether any iCloud accounts have been affected.
Once again, the hack is another reminder to practice proper password etiquette. But for many sites, including iCloud, users can opt to turn on an extra layer of security called two-factor authentication.
When two-factor authentication is enabled, a user will receive a special code sent to their mobile device once they've entered a password. After entering the code, users gain access to their accounts.
Some sites like Facebook and Google will recognize your browser, so once you've approved a computer, it won't ask for codes beyond the first time a user logs in. Others like Twitter require a code every time when two-factor is enabled.
In the case of Apple, users receive the code through text message or Find My Phone. They also get a master Recovery Key that Apple suggest users write down and store in a safe place in case they're locked out.
Yes, it's a bit of an inconvenience, but better than cleaning up after your account has been compromised.
Sites vary on the process for enabling and using two-factor authentication. Here's a list of some of the bigger sites that use two-factor authentication, with links to setting up the feature: