Google exec urges two-factor authentication in wake of tech reporter hack job
Additional security would have prevented destruction of Wired reporter's digital life
Computerworld - In the wake of a multi-faceted hack of a technology reporter that ended with his smartphone, tablet and notebook wiped of all data, Google's spam chief yesterday urged users to set two-factor authentication on their log-ins.
"I ... advise everyone to turn on Google's two-factor authentication to make your Gmail account safer and less likely to get hacked," said Matt Cutts, the head of Google's Web spam team, in a post to his personal blog Tuesday.
Cutts was reacting to the well-publicized hack of Wired reporter Mat Honan last week. The hackers found an alternate email address by scouting Gmail, used that address -- an Apple-issued one that ended in me.com -- and along with a valid billing address and the last four digits of a credit card, both easily acquired elsewhere, convinced Apple's technical support to give them access to the me.com account.
Once in control of the account, the hackers accessed Honan's Find My Mac, Find My iPhone and Find My iPad services to remotely wipe all three devices.
Honan has detailed the demolition of his digital life here.
He admitted he had not done all he could have to secure his accounts.
"Because I didn't have Google's two-factor authentication turned on, when [the hacker] entered my Gmail address, he could view the alternate e-mail I had set up for account recovery," wrote Honan. "If I had some other account aside from an Apple e-mail address, or had used two-factor authentication for Gmail, everything would have stopped here."
Two-factor authentication -- also called "two-step verification" -- sends a second password for an account to a pre-defined phone number. Most people who use it have the second password sent to their mobile phone.
Gmail offers two-factor authentication, as does one of its rivals, Yahoo Mail. However, Microsoft's Hotmail, and the recent revamp, Outlook.com, does not. Microsoft's email services only provide a one-time code, sent to a pre-defined phone, that can be used to log into the service in lieu of a password, not as an additional level of security. The Redmond, Wash. developer bills it as a way to shield a password when logging on to Hotmail or Outlook.com at a public PC.
Instructions on setting up Gmail's two-factor authentication can be found on Google's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts