The fact is, your data and identity are at risk, and username and password security alone is not enough. So what do you do about it?
In light of this recent exploit, it is necessary to change all your online passwords right away. I’ve written about the need to use unique passwords for each online account. You know it is important to create strong passwords and change them often. But in reality most people don’t do this.
The current solution is two-factor authentication. Think of two-factor authentication like an ATM card. An ATM card uses two different methods to confirm your identity. One is the card itself. You must be holding a bank-issued piece of plastic to activate an ATM. The second is your PIN. The bank assumes only you know the number, and entering the PIN reconfirms your identity.
These two factors provide a reasonable amount of security for your cash. Someone can get your card, but it is useless without the PIN. Likewise, someone can get your PIN, but it is useless without the card.
Two-factor authentication works in a similar way, but rather than a card you have a username and password, and a random code replaces the PIN.
Here’s how this works in real terms. When you log into a website it knows who you are from your username and password. It also knows what device you are using. Each computer, smartphone or tablet has a unique ID. Websites have the ability to associate your devices with your account.
Two-factor authentication confirms ownership of your device and authorizes account access with a random code. The code is sent to you by text message, email, an app, or a phone call. Enter the code once at login and the website will remember the device each time after that.
As in the ATM card and PIN example, if a hacker gets your username and password, they will be unable to access your account without the code.
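For readers who want to see the website's side of this, here is the login flow described above as an added example (not code from any particular service). The class name, the five-minute expiry, the six-digit code and the send_code delivery callback are all assumptions, and the password check is assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a code stays valid (assumed value)


class TwoFactorLogin:
    def __init__(self, send_code):
        self.send_code = send_code  # delivers the code: text, email, app (assumed)
        self.pending = {}           # username -> (hash of code, expiry time)
        self.trusted = {}           # username -> hashes of remembered device tokens

    @staticmethod
    def _h(value):
        # Store only hashes, so a leaked table reveals no codes or tokens.
        return hashlib.sha256(value.encode()).hexdigest()

    def login(self, user, password_ok, device_token=None, now=None):
        """Return 'denied', 'granted' or 'code_required'."""
        now = time.time() if now is None else now
        if not password_ok:
            return "denied"  # a remembered device never replaces the password
        if device_token and self._h(device_token) in self.trusted.get(user, set()):
            return "granted"  # device already confirmed by an earlier code
        code = f"{secrets.randbelow(10**6):06d}"  # random, from the OS CSPRNG
        self.pending[user] = (self._h(code), now + CODE_TTL)
        self.send_code(user, code)
        return "code_required"

    def verify(self, user, code, now=None):
        """Return a new device token if the code is right, else None."""
        now = time.time() if now is None else now
        # pop() makes the code single use: one wrong guess burns it, which
        # blocks guessing through all one million possibilities.
        entry = self.pending.pop(user, None)
        if entry is None:
            return None
        code_hash, expires_at = entry
        if now > expires_at:
            return None
        if not hmac.compare_digest(code_hash, self._h(code)):
            return None
        token = secrets.token_urlsafe(32)  # kept by the browser, e.g. in a cookie
        self.trusted.setdefault(user, set()).add(self._h(token))
        return token
```

A stolen password alone only ever reaches "code_required", which is the protection the ATM comparison describes.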
This would be a good time to log into each of your online accounts, change the password, and activate two-factor authentication. This is particularly important for banks, Dropbox, Evernote, Gmail, Outlook.com, iTunes, PayPal, and other sensitive data sites.
To find out which services offer two-factor authentication, visit twofactorauth.org. If your bank or online service is not listed, I suggest switching to one that is.
Remember that you are usually the weakest link in your security chain. Never write down passwords or give people your information through email.
To double down on security, use a password manager. Password managers reduce the risk of reused passwords or those that are easy to decode.
Services like LastPass, 1Password, or Dashlane create a unique password for each website you visit and store them in a database protected by a master password that you create.
This process can be difficult to use but adds an extra layer of protection that is worth the trouble.