Security is a funny thing, more of an illusion most of the time, shattered into pieces when a critical system is compromised. For most of us email is the weakest link, an opening to the rest of the things we need to keep secure. What damage could be done by somebody with access to your email?
Could you post your email password on the internet and live to tell about it? I could. I’m about to.
Okay, so this isn’t my real email account, but I’m going to use this account to prove a point. I’m putting the following gmail address and password out there because I want one of you to email me from it. I will give five dollars to the first person that can (seriously). And yes that is the real password.
Email: firstname.lastname@example.org Password: horriblepassword
There is a catch though, even with my password there is nothing you can do. You’re missing something critical. My phone.
What does my phone have to do with all of this? Well, I have enabled two-step verification with my Google account. Anytime a new computer (or mobile phone) tries to sign into my gmail account Google will send a six digit code to my phone via SMS. That code then needs to be entered after the password, once every 30 days. Without the code you can’t log in. No ifs, ands, or buts. Without my phone, that password is useless.
Go ahead try to sign in. My five dollars is looking pretty safe right about now isn’t it?
You can find two-step verification under you Account Settings in your gmail. Just follow the prompts, the setup is very simple.
My wife and I both moved to 2-step verification a couple of months ago and the minimal inconvenience of having to enter that code now and then (no more than every 30 days) is well worth the peace of mind it brings. I would never go without it again.
I’ve been blunt in past blogs about how horrible most people’s passwords are. I say that lovingly, out of concern for other people’s security. But the truth is, most are not nearly as good as they should be. Adding two-step verification is not a substitute for a strong password, but it sure makes it tough for the bad guys. Remember, the harder you make it, the safer your five dollars will be.