PSA: Secure Your Accounts

Apple is warning its users about coordinated attacks on the iCloud storage service. I’m sure there are similar attacks on other cloud providers.

Android Security

But keeping your account information secure and protected isn’t that difficult.

2-step verification

All of the really good cloud hosts have two-step verification enabled for their account holders. I’m really surprised at the number of cloud users who don’t have this protection enabled.

Two-step verification requires two different forms of verification to ensure that you’re the appropriate user. Often, this second verification is a number sent via email or text message that gets entered before allowing access to the program.

google 2-step verify

Google also created the Google Authenticator app to compliment its two-step process. Authenticator generates a verification code about every 30 seconds for each connected account.

Authenticator

The app works in airplane mode, which gives you access to your accounts when you’re not able to receive text messages. I use Authenticator over SMS simply for convenience (I don’t have to wait for a text message).

Get this app on Google Play

Here are links to instructions for setting up 2-step verification on the major services:

Recently, Google announced it’s bolstering 2-step security by adding support for FIDO-compliant security keys.

Google FIDO security key

Google describes the process:

Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.

Security Key seeks to protect users against phishing, and doesn’t require a mobile device or internet connection. Of course, if you only use a mobile device to access websites, or you’re not a Chrome user, Security Key isn’t a good option. I have a key coming, so I’ll describe the features in a future post.

Password, pattern, or PIN

I’ve dropped back to using a PIN to unlock my phone. Android 5.0 has a “trusted device” option, so it’ll keep the phone unlocked as long as it’s connected to my Android Wear watch (or other Bluetooth device). Upon disconnect, I’ve set up a 6 digit PIN that’s required to unlock my phone. On my other devices, I use a longer-than-convenient password to unlock.

You can easily setup password, PIN, or pattern — remember the 3 P’s of mobile security — on your Android device. Click SettingsSecurityScreen lock.

screen lock security

Use a decent (at least 6 characters) pattern, PIN, or password to secure your mobile device. Android 5.0 eliminates face unlock, which rarely worked, and you should never use swipe or none.

Let's discuss this (you can use Markdown in your comment)

Jeff Taylor

I’m just an ordinary guy living an extraordinary life. I’m also an attorney and I blog about Android for lawyers. You can follow me on Twitter, LinkedIn, YouTube, or Google+.