Stop a Google Account Attack   Leave a comment

I was staring at my phone and watching as someone tried to hack into my Google account. This article shows you how you can tell if your account is being attacked, and – even better – shows you how to keep the attacker out.

Google has given you a great security tool for protecting your account. It’s called Two Factor Authentication. The only catch is that you have to set it up correctly. Here’s the story of what happened to me…

My phone alerted me to an incoming text message. I took a look, and this is what I saw:

001a

Well, that’s very interesting – I received a text message at 1:43 PM with a verification code, but I wasn’t trying to change my password. That meant that someone else was trying to change my password. But they couldn’t do it. In order to change or reset my password, the hacker would need to have my phone. Then, they would see the randomly generated code (in this case, 793124), and they could enter it on the password screen.

As soon as I could (which was a few hours later), I began the process of resetting my password. For the purposes of this article, I chose to use the “forgot my password” option. This is the screen I saw on my desktop computer:

002c

I selected the option to receive a verification code via text message, and then pressed “Continue.” Then Google took me to the next screen, where I would need to put in the verification code.

003b

Meanwhile, my phone alerted me to another incoming text message. It looked like this:

004a

 

The randomly generated code I received at 8:18 PM (which was 497157) is “real,” because I initiated the action. So I entered the code in the verification screen on my computer. At that point, Google let me change my password. Then this screen appeared on my phone:

005b

At this point, I had successfully changed my password.

So, what is two factor authentication? Two pieces of information are needed. One piece of information comes from your head: your password. This is something you know. The other piece of information is delivered to your phone. This requires something you have. It’s possible, but less likely, that a hacker will have access to both pieces of information. If someone sneaky secretly watches you type your password, they still don’t have your phone. On the other hand, if someone steals your phone, they still don’t have your password.

But – and this is a big “but” – you have to take the initiative to set up two factor authentication, and keep everything current. For instance, if you set up two factor authentication, but then later get a new phone and change your phone number, it’s up to you to update your various account settings. You can enable two factor authentication on Google, Facebook, and most other social media sites. Financial institutions, store accounts – wherever you can set up two factor authentication, you really should do it.

 

About these ads

Say something!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: