Google exec urges two-factor authentication in wake of tech reporter hack job
Additional security would have prevented destruction of Wired reporter's digital life
Computerworld - In the wake of a multi-faceted hack of a technology reporter that ended with his smartphone, tablet and notebook wiped of all data, Google's spam chief yesterday urged users to set two-factor authentication on their log-ins.
"I ... advise everyone to turn on Google's two-factor authentication to make your Gmail account safer and less likely to get hacked," said Matt Cutts, the head of Google's Web spam team, in a post to his personal blog Tuesday.
Cutts was reacting to the well-publicized hack of Wired reporter Mat Honan last week. The hackers found an alternate email address by scouting Gmail, used that address -- an Apple-issued one that ended in me.com -- and along with a valid billing address and the last four digits of a credit card, both easily acquired elsewhere, convinced Apple's technical support to give them access to the me.com account.
Once in control of the account, the hackers accessed Honan's Find My Mac, Find My iPhone and Find My iPad services to remotely wipe all three devices.
Honan has detailed the demolition of his digital life here.
He admitted he had not done all he could have to secure his accounts.
"Because I didn't have Google's two-factor authentication turned on, when [the hacker] entered my Gmail address, he could view the alternate e-mail I had set up for account recovery," wrote Honan. "If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here."
Two-factor authentication -- also called "two-step verification" -- sends a second password for an account to a pre-defined phone number. Most people who use it have the second password sent to their mobile phone.
Gmail offers two-factor authentication, as does one of its rivals, Yahoo Mail. However, Microsoft's Hotmail, and the recent revamp, Outlook.com, does not. Microsoft's email services only provide a one-time code, sent to a pre-defined phone, that can be used to log into the service in lieu of a password, not as an additional level of security. The Redmond, Wash. developer bills it as a way to shield a password when logging on to Hotmail or Outlook.com at a public PC.
Instructions on setting up Gmail's two-factor authentication can be found on Google's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to... All Cybercrime and Hacking White Papers | Webcasts