Account Security and Gmail

Given the recent rash of web break-ins I thought it would be interesting to talk about personal security. Here are some steps you can take to keep yourself secure. The basics of course are simple things, IE use good passwords that are at least 8 characters, are combinations of upper and lowercase letters, contain special symbols and numbers. Make the password as long as the site will allow and you can reasonably remember.

Another simple basic is to not use the same password over and over again. For example, when Sony was hacked back in June, a lot of people had their usernames and passwords published on the internet. If you use the same name and password everywhere, it’s just a matter of time before someone hacks one of those sites and you’re compromised. Take the effort and do something unique for each site to keep yourself safe.

I was recently playing with Gmail, which I haven’t used much until lately. As I was setting up my account, I noticed they have a two-step authentication option. You should be able to see this on your settings page. If it’s not there, it’s probably because you’re using Google Apps and you need to talk to your domain administrator – it’s worth it.

So if you set this up, it basically does a phone text or voice message at the point when you try to login. For example, if I go to and login, it will send a text message to my cell phone, and I get a unique code I need to login. I always have my phone, so it’s not inconvenient, and someone trying to get into my account needs to know my username, password, AND have my cellphone on them. At that point, I’ve got bigger problems.

Given the number of people who use gmail, this is probably something you can do yourself right now. Go ahead, give it a try. If you’re using other Google services, this can be critical. For example, the Foss Patents blog that I follow was shutdown because the author’s gmail was compromised. Using two-step authentication will help you avoid such problems.

What other simple tricks have you run into? Let me know.

Ranting about Software, Security and Tech