How to Secure Your Facebook and Gmail Accounts

Lately, there is lots of news about various bank accounts being compromised - including the network of the International Monetary Fund, the biggest piggy bank of them all. Coincidentally, there was the news that both Facebook and Google's Gmail have beefed up their security with two-factor authentication. They both now have optional mechanisms for making sure that your login process is more secure.

Two-factor authentication is called that for a reason: you need more than type in your username and password, something that you have on your person that isn't easily known to anyone else (like your mother's maiden name or birth date). Both sites make use of texting you a short string of numbers to your cell phone as part of the login process: once you set this up, as long as you have your phone nearby (and who doesn't?), you can be sure that no one else can login into your account.

Older forms of two-factor authentication used small key fobs that had a button: when you pressed the button you got a code number that you used to type in at the moment you were logging in. The number changed every 30 seconds or so, making it difficult to hack. Using a cell phone is much more convenient: the fobs were forgotten or lost.

Two-factor authentication has been around for a long time, and lately has gotten a black eye, thanks to the behavior of RSA, one of the leading companies in the market. Their SecurID system was compromised several months ago, and the company has been slow in getting the word out and replacing the fobs for its customers. As a result, several of its competitors have stepped forward and offered deals on replacements.

I've had a fob for my eBay/PayPal account for several years: I think it cost $10. You can still get them, although there are free alternatives available that can make use of your smartphone from Symantec's Verisign Identity Protection program.

But even better is what Google and Facebook have put in place. If you have a Gmail account (but not a Google-hosted email account, sadly), you can get this set up in about 10 minutes: Go to your account's personal settings and you should see a menu item for two-factor authentication, and follow the instructions show in their blog.

http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html

The problem is that adding two-factor for your Gmail account will create problems for you for other applications that access your account. If you use your smartphone or Outlook to access your email, you will need to setup these apps to handle the two-factor authentication. If you read your email on a tablet, ditto. So this may not be as easy as you first think.

Facebook has taken lots of (deserved) knocks on its security, and it also has implemented two-factor authentication lately. Go to Account/Account settings/Account Security and enter the information requested under the Login Approvals section, at least until they rearrange their menus and put it somewhere else.

Two-factor isn't a panacea, and it does add an extra step. And as the folks at Lockheed found it, it isn't flawless. But it does offer much better protection than straight username/password. If you use Google, Facebook, and Paypal, it is time to start using it.

Gmail: Now That You Have It, How Do You Secure It?

gmail sign out problems, keeping it secure is your new priority. A few simple email security steps can prevent strangers from taking over your account and your identity.

1) Your Computer

a. Check for viruses and malware. Run a full system scan in your antivirus program of choice and remove any suspicious programs. b. Enable automatic updates for your operating system and make sure you have the latest updates installed for your Windows or Macintosh OS computer. c. Perform regular updates for the software you use most often -- Adobe Flash and Acrobat Reader are common targets for hackers.

2) Your Browser

a) Keep everything updated! In Firefox, click the help menu to check for updates. In Internet Explorer, select Windows Update under the tools menu.

b) be aware of plugins that access your Google account information and keep them updated. If a plugin, for instance, is set to automatically check your Google inbox, the creators of that plugin potentially have access to your username and password.

3) Your Google Account

a. Change your password if you suspect your account may be compromised. Use a combination of letters and numbers and avoid commonly used words.

b. Go to Google.com/accounts and select Recovering Your Password to set up recovery options. You can regain access to your account via SMS, an alternate email address, or a security question in the case of an account compromise or you forgetting your password.

c. Check which websites can get access to your Google account. Some websites can be set up to interact with your email account. Especially if someone else has gained access to your email, check to see which websites can view your data. They may be viewed by clicking on the "Authorizing applications & sites" link on your Google accounts homepage. Click "Revoke Access" to prevent any unknown sites from accessing your information.

4) Gmail Settings

a. Log in with a secure connection. Select select 'Always use HTTPS.' in your Gmail settings.

b. The "details" link next to the "Last Account Activity" entry allows you to see when your account has been accessed, and provides the IP address of the computers your mail has been viewed from.

c. Make sure your email is going where you want it to! If your account has been compromised, check your signature for spam (in the General tab). Remember to check the Filters, Forwarding, and Accounts sections to make sure your email is not being forwarded to or accessed from another email address.

d. Check your Contacts list for errors or unusual entries.

5) Final thoughts

a. Never send anyone your username or password via email. Google employees will never ask for information in this way.

b. Similarly, never enter your email password into a link you've followed from an email, even if the page looks official. To make sure you're logging into the official Gmail website, go to gmail.com.

c. Don't use the same password as you use for your email on other websites.

d. Never tell anyone your password or secret question answer.

e. Especially on a shared computer, clear your browser cache, passwords, and cookies on a regular basis.

f. Reserve the "stay signed in" option for when you are sure you're the only one using your computer.

g. Remember to click "sign out" when you're done checking your email.

With your account secure, good email management, like removal of duplicate emails, can become new projects. Duplicate removal can be a problem when you import mail from another email program like Outlook. The Gmail "search mail" feature can help you find duplicate email addresses by sender and subject and make this task less of a chore.