This past weekend, personal photos from a number of celebrities were leaked online. Though it’s still not clear how these photos were obtained, it is clear that they were obtained directly from the owner as opposed to sent to a third party who then shared them with others/posted them online.
The concern is how the hacker in question was able to access so many of these devices, especially when some celebrities say the images were deleted a long time ago. There has been a ton of rumours surrounding an iCloud vulnerability or a Find My iPhone exploit (iBrute) that allowed the hacker in question to brute force victims accounts by guessing passwords until access was granted. Apple has said it is investigating, but there’s no telling when we’ll know for sure.
In the meantime, it’s important that we all take whatever steps we can to protect our information. If iBrute was the culprit, this whole thing might have been prevented if the victims had two-factor verification in place.
Many popular online services off two-factor authentication, but not everyone is aware of how it can help protect their accounts. The following services offer two-factor authentication. Here’s how to they work and where you can access the set up of two-factor authentication on each service.
Apple’s two-factor authentication can be set up via your Apple ID settings. Note that you’ll need to wait three days between the request to set up two-factor and the actual set-up. Apple puts this requirement in place so only you can set up two-factor on your account, and not someone else.
PayPal’s two-factor authentication comes in the form of PayPal Security Key. You’ll need to set your phone up as a security key, but the process itself is relatively quick and painless.
Enabling two-step verification with Google will add a second layer of security to your Google account. You can also add a second phone number for when your phone is unavailable (handy if you’re traveling or if you share an email account with someone else).
Twitter’s set up couldn’t be easier. Just visit your security settings and check the box that says, “Require a verification code when I sign in.” You’ll need to add a phone number to your Twitter account to set this up (obviously). If you’ve already done that, Twitter will send you a text verifying your number and then you’re all set.
Facebook’s login approval process also requires phone number verification but is fairly easy to turn on. You’ll find it under Settings > Security. Again, you’ll have to provide your phone number if you haven’t already, and Facebook will text you a verification code to get the service up and running. There’s also the option to delay the activation by seven days in case you don’t have your phone with you.
Log in to your Dropbox and navigate to Settings > Security. From there, you’ll be able to enable two-step verification. Dropbox will send you a six digit code to verify your number. Dropbox also gives you the option for a back up number and provides you with a special code that you can use if neither device is available.
Microsoft’s two-step verification, similar to Google, is applied across your entire Microsoft account as opposed to any one service. It’s enabled under the password and security info tab. You can also generate app passwords so you don’t have to key in your real password on unfamiliar or new devices.
LinkedIn joins Facebook and Twitter on the list of social networks offering two-factor authentication. The company has offered two-factor authentication for the last year. This can be accessed via Account & Settings > Privacy & Settings > Manage Security Settings. From there, you toggle the two-step verification switch to on and set it up with your phone as the receiving number. LinkedIn will send you a code to verify your number and you’re good to go.
Amazon offers milt-factor authentication for Amazon Web Services. Users signing into an AWS website will be prompted for both username and password as well as a pass code sent to their device. Amazon also offers AWS customers the option of enabling two-step via a physical key fob or a credit card like device.