Google exec urges two-factor authentication in wake of tech reporter hack job
Additional security would have prevented destruction of Wired reporter's digital life
Computerworld - In the wake of a multi-faceted hack of a technology reporter that ended with his smartphone, tablet and notebook wiped of all data, Google's spam chief yesterday urged users to set two-factor authentication on their log-ins.
"I ... advise everyone to turn on Google's two-factor authentication to make your Gmail account safer and less likely to get hacked," said Matt Cutts, the head of Google's Web spam team, in a post to his personal blog Tuesday.
Cutts was reacting to the well-publicized hack of Wired reporter Mat Honan last week. The hackers found an alternate email address by scouting Gmail, used that address -- an Apple-issued one that ended in me.com -- and along with a valid billing address and the last four digits of a credit card, both easily acquired elsewhere, convinced Apple's technical support to give them access to the me.com account.
Once in control of the account, the hackers accessed Honan's Find My Mac, Find My iPhone and Find My iPad services to remotely wipe all three devices.
Honan has detailed the demolition of his digital life here.
He admitted he had not done all he could have to secure his accounts.
"Because I didn't have Google's two-factor authentication turned on, when [the hacker] entered my Gmail address, he could view the alternate e-mail I had set up for account recovery," wrote Honan. "If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here."
Two-factor authentication -- also called "two-step verification" -- sends a second password for an account to a pre-defined phone number. Most people who use it have the second password sent to their mobile phone.
Gmail offers two-factor authentication, as does one of its rivals, Yahoo Mail. However, Microsoft's Hotmail, and the recent revamp, Outlook.com, does not. Microsoft's email services only provide a one-time code, sent to a pre-defined phone, that can be used to log into the service in lieu of a password, not as an additional level of security. The Redmond, Wash. developer bills it as a way to shield a password when logging on to Hotmail or Outlook.com at a public PC.
Instructions on setting up Gmail's two-factor authentication can be found on Google's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts