This week, Apple finally announced support for two-step verification for both the iCloud and AppleID. Now, users must use a second device to input a special code in order to access account specifics and iTunes purchases. It may seem like a small, or even unnecessary step, but type as fast as you can to implement it now.
Two-step verification is important for everyone, but it’s especially important for journalists. Implement it now, or risk losing your online identity forever.
One of the hottest stories concerning online privacy and hacking of journalists happened just last year, when Wired‘s Mat Honan was the target of hackers. In one fell swoop, the hackers broke into his gMail, his Twitter and his AppleID, erasing the memory of all of his devices and holding all of his social media hostage. After a thorough investigation, Honan found out that the hackers were able to do all of this simply by calling up Amazon and Apple’s customer service to break into his account, and follow back his daisy chain of email accounts to break into the rest of his life.
So how does two-step verification factor into Honan’s earth-shattering problem? The benefits of implementing two-step verification, when available, guards against the very method Honan’s hackers used to crack his accounts. The second step is a continually repeating code of numbers, usually between four to seven characters in length, that can only be accessed by a device that is directly connected to a server that is linked to the code. In short, if someone accesses your AppleID on a foreign computer or mobile device, then Apple would send a code to a verified device (which you set up) that would be necessary to access the account.
Two-step verification is already available on apps like gMail and DropBox, but it’s not available everywhere. As a journalist, it’s absolutely necessary to turn on two-step verification if you haven’t already. Two-step verification will help ensure that you don’t experience the same fate that Honan did, even if hackers do get hold of the correct version of your password. Here are some extra tips:
Reroute all of your social media accounts to mail information to a two-step verified email, such as gMail. This will break the “daisy chain” and ensure that your social media accounts can’t be hacked through the “Lost Password” trick.
Ensure that you print out “failsafe” codes, in case you lose your code-linked device (lost smartphone, anyone?) and need to retrieve your accounts.
If printing out codes isn’t your favorite, put your codes into a cloud app that has (what else?) two-step verification.
If all else fails, keep your laptop as a trusted device for at least one of your two-step programs. That way, you can safely log in and change your account details as a last resort.
Good luck, and stay safe!