JerryGamblin.com.

About once a month I will get a call from someone who is upset because their account was hacked and wants to know what they can do to stop it from happening in the future.  The truth is enabling two factor authentication (2FA) is one of the best things you can do to make sure your accounts don’t get hacked.  

Here is a list of popular services where you should enable 2FA:

• Google/Gmail: Google’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with the Google Authenticator app for Android, iOS, and BlackBerry. You can save each machine for 30 days. You can enable it here.

• Facebook: Facebook’s two-factor authentication, called “Login Approvals,” sends you a 6-digit code via text message when you attempt to log in from a new machine. It also works with apps like Google Authenticator for Android, iOS, and BlackBerry, as well as the “Code Generator” feature of the Facebook app. You can also authorize a new machine from Facebook.com on a saved machine if you don’t have your phone handy. You can enable it here,
• Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine. You can enable it here.
  
  
• Twitter: Twitter’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here,

• Dropbox: Dropbox’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with Google Authenticator and a few other similar authentication apps. You can enable it here.

• PayPal: PayPal’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can read more about it and enable it here.
  
  
• Microsoft Accounts: Microsoft’s two-factor authentication sends you a 7-digit code via text message or email when you attempt to log in from a new machine, though it also works with a number of authenticator apps. You can enable it here.

• Yahoo! Mail: Yahoo’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.

• LinkedIn: LinkedIn’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here.

You should also check out twofactorauth.org to see if other accounts you use have the ability.

How to shuck corn like a man.

I have a Samsung S3 that decided it wouldn’t boot on Wednesday.  After talking to the very helpful people at Samsung they decided that they can replace my phone for me but I need to send them my broken phone.

Awesome!

But…

All my data is on my phone. All my email. All my passwords. All my texts. All my pictures. I have backups and I have a password on my phone but I still have to send my phone back to a company who could access it if they wanted to. 

So what is a security professional to do?  Normally I would just wipe my phone and send it in but since that isn’t an option I am stuck with either keeping a $400 brick or possibly exposing my data to Samsung.

I guess I have a $400 brick.

GodMode is a control panel In (Windows 7 and Windows 8) that brings together all of the customization settings to one place.

To activate “GodMode” do the following:

Step 1: Right click on the desktop

Step 2: Click create folder.

Step 3: Name the new folder: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}  and press enter.

Step 4: The folder changes form a folder icon to a control panel icon.

Step 5: Open the folder and you have your god mode control panel.

Earlier today I was asked to come up with the best way to keep your social media accounts secure.  Here are 5 easy ways to protect your social media accounts:

Update accounts with unique, complex passwords.
Complex passwords will contain a combination of upper and lower case letters, symbols and numbers, and have at least ten characters.

Change your password often.
No matter how complex your password is it is necessary to change it regularly.  Normally I suggest changing your social media passwords two times a year.

Enable Two Factor Authentication.
Google, Facebook and Twitter all offer two factor authentication.  Enabling it allows these services to know that it is you logging into your account and not someone else.

Review apps and add-ons regularly.
Review all apps and add-ons associated with your social media accounts at regular intervals. Remove apps and add-ons you no longer use or post to your social media accounts without your permission.

Log out.
Remember to log out when you are finished using it. It is an easy and highly effective step to protect your account.

In two weeks I am on a career panel for a group of high school kids interested in technology careers. They sent a list of discussion questions they were going to use to get the conversation started and one of them was:

What does it take to be successful in information technology?

The answer to this question I always give is:

If you want to be successful in information technology and life in general you need to implement the no no rule.

The no no rule is extremely simple:  When asked a question your first response should never be no. 

The two none yes responses I use are:

1) Ask for more information or clarification.
2) Ask for time to research a solution.
 
In a lot of cases (especially in security) after you ask for clarification or time to research the answer may still be no but you will have given the question some real thought and understanding and the person making the request wont feel like you are ignoring them.  A lot of information technology professionals get a bad reputation because they say no to often.

The DBA in my office doesn’t read my blog and kept trying to convince me her CD-Rom kept opening up randomly until she finally broke down and caught it with her iPhone.