I was staring at my phone and watching as someone tried to hack into my Google account. This article shows you how you can tell if your account is being attacked, and – even better – shows you how to keep the attacker out.
Google has given you a great security tool for protecting your account. It’s called Two Factor Authentication. The only catch is that you have to set it up correctly. Here’s the story of what happened to me…
My phone alerted me to an incoming text message. I took a look, and this is what I saw:
Well, that’s very interesting – I received a text message at 1:43 PM with a verification code, but I wasn’t trying to change my password. That meant that someone else was trying to change my password. But they couldn’t do it. In order to change or reset my password, the hacker would need to have my phone. Then, they would see the randomly generated code (in this case, 793124), and they could enter it on the password screen.
As soon as I could (which was a few hours later), I began the process of resetting my password. For the purposes of this article, I chose to use the “forgot my password” option. This is the screen I saw on my desktop computer:
I selected the option to receive a verification code via text message, and then pressed “Continue.” Then Google took me to the next screen, where I would need to put in the verification code.
Meanwhile, my phone alerted me to another incoming text message. It looked like this:
The randomly generated code I received at 8:18 PM (which was 497157) is “real,” because I initiated the action. So I entered the code in the verification screen on my computer. At that point, Google let me change my password. Then this screen appeared on my phone:
At this point, I had successfully changed my password.
So, what is two factor authentication? Two pieces of information are needed. One piece of information comes from your head: your password. This is something you know. The other piece of information is delivered to your phone. This requires something you have. It’s possible, but less likely, that a hacker will have access to both pieces of information. If someone sneaky secretly watches you type your password, they still don’t have your phone. On the other hand, if someone steals your phone, they still don’t have your password.
But – and this is a big “but” – you have to take the initiative to set up two factor authentication, and keep everything current. For instance, if you set up two factor authentication, but then later get a new phone and change your phone number, it’s up to you to update your various account settings. You can enable two factor authentication on Google, Facebook, and most other social media sites. Financial institutions, store accounts – wherever you can set up two factor authentication, you really should do it.