Two step authentication is not a type of ballroom dance.
I joined LinkedIn yesterday and the first thing I did was set up two step authentication.
It goes by variations of the same name: 2 step verification, 2 step authentication, login approval. You can use the number ‘2’ or write the word. If you put it into Google, you get the same responses for all of the above.
I believe everyone should do this, but they don’t. What sane, private individual would throw their front door wide open to the general populace and say, “Help yourself,” without thinking through the consequences?
It felt cool finding people I’d lost touch with in other author groups on Facebook. I enjoyed some interesting conversations and spent a heap of time catching up. I was once a special snowflake with a novel I felt too scared to let anyone read and that’s changed. I’ve written 22 and no longer reach for the defibrillator before reading reviews. Maybe I’ve grown a harder shell or maybe I just own my work with more conviction nowadays.
I haven’t seen enough of LinkedIn yet to know if the wails of distress echo there too.
“I’ve been hacked.”
“Someone cloned me.”
“Don’t accept another friend request – it’s not me.”
“I’m not really selling Raybans. Don’t give them your credit card number.”
“I don’t know who posted that on my page!”
It’s all over Facebook, Twitter and the other popular platforms. My experience is with Facebook, Twitter and Tumblr but I’ve heard some real horror stories from the others.
This hurts real people.
A colleague once ran into my office in distress because someone hacked her Facebook profile, added their other hacker friends and started spamming her contacts using her identity. She deleted one contact but four more took their place. They knew her password and did what they liked. She saw her reputation going down the toilet and cried real tears. Then she deactivated her account in panic, lost all her photos, friends and social proof. Gone.
A hacker hijacked an author’s Twitter profile and taunted her via her own page. They set up two step authentication to their phone because she never bothered. Every time she changed the password they received a notification, changed it back and taunted her some more. The Twitter wheels moved, but slowly as these things do and she felt traumatised, even after they restored her profile to its rightful owner. Dismayed fans and followers disconnected from her profile, concerned about her inappropriate Tweets. How do you get them back once they’re off your radar and think badly of your brand?
One of the more sobering stories involved an author with a Facebook advertising account. I met him just over a year ago in a writers’ group. He operated his adverts through a page on the back of his profile, which is what you’re meant to do. He left his PayPal account number in there while the ad ran and checked back later. Someone hacked his Facebook profile in the interim and emptied his PayPal account because he used the same password for both. They cleaned him out of thousands of dollars. Good luck getting that back.
Cloning is a little different and you can protect yourself by not leaving your timeline status and photos as public. Protect your friends by opting to hide them from other people. It’s very difficult to impersonate your profile using copied images and no knowledge of who your friends are. It defeats the object. Don’t leave yourself or them open. If you’re not a business or celebrity, the world doesn’t need to see what you ate for tea last night. Close it down.
Here’s how to hide your contacts’ list on Facebook. You can also Google how to do this on the other platforms. It’s not hard.
Here’s an article from USA Today about Facebook cloning in case you need convincing.
If you don’t care about yourself, at least protect your friends. Your grandma might only have social media to stay in touch with you. She lives vicariously through your food pictures and just about manages to click ‘like’ on your status with the help of her aged brother. But if she gets a private message from a fake you asking for money and persuading her not to tell anyone else, what’s she going to do? She’ll empty her meager savings account and you know it. Why put her in that kind of danger? That’s on you.
Two step authentication.
I’ve blogged about this before but I’ll do it again because it frustrates me. If social media platforms offer two step authentication then it’s because there’s a problem. They’re helping you double lock your kingdom. So why do people leave the front door wide open and then expect pity when they discover their social media accounts used nefariously?
Why would someone tamper with your social media profile?
Because they can is the first answer. Because you made it easy for them is the second. But like most things it’s all about the money. Many people run adverts off the back of their accounts. Businesses plug their company credit card into Facebook to send their logo and time sensitive special offers spinning through your newsfeed. Others attach their PayPal account. The provider wants to pitch the seller’s advert and then put their hand in the money pot to pay for it. They demand open access to that handy line of credit.
You might click a post marked ‘sponsored’ in your newsfeed on any of the social media platforms and it takes you where they want you to go. You slip through lead pages and funnels to the place they planned to take you. But they paid for that privilege and they’ll keep paying. Behind the scenes is a giant social media provider dipping its fingers into a pot of money. That’s what hackers want. Access to the pot of money.
But I’m not a business.
So what? It’s a game of chance. Some you win, some you lose. For every dozen unsuccessful hacks there’ll be one that pays off big time. You’re just collateral damage. You might not have a bank account attached to your account, but if they farm your gorgeous photos of ponies and cats they’ll eventually find something useful. They might get that email address you posted to a friend or your change of phone number. They can sell that information to someone. They’ll see where you work, who your friends are and where you went on holiday. They can see all your private messages. They might do nothing. They might do lots.
Would you give your passwords to a stranger?
No? So, you’ve implemented two step authentication on all your social media platforms then?
This is where I work hard. Not to convince you to, but to stop myself banging my head against my keyboard. If I see one more post about this, I swear I’ll do myself an injury. I don’t have time for injuries.
I’ve stopped commenting nowadays when I see a distress signal. Instead, I’ll grab my trainers and do what Forrest did. I might as well. Nobody listens.
It’s too difficult.
No, again, no. It takes a total of 3 minutes to add your mobile phone number to each platform: Twitter, Google+, Gmail, Facebook, LinkedIn, Tumblr, Pinterest…
I know this because I timed myself yesterday when I added it to LinkedIn. You’ll find the correct tab usually in the security settings. I added my mobile number and clicked to activate. I clicked to set up two step authentication and LinkedIn sent me a text message with a numbered code. I didn’t pay for the text, so don’t use that as another excuse. I read the code and typed it into the onscreen box. Voila! Protected.
But you know what? Even if it took 10 minutes each time, I’d still do it. Because it will take me a lot longer to unravel the mess if someone hacks into my accounts. That might run into days of stress and hassle.
I can’t be bothered putting codes in every time.
Don’t then. Verify your mobile phone, laptop and work computer as your usual devices. It won’t ask you again. But it will watch for unknown devices and let you know when someone tries to log in who isn’t you.
What happens next?
I have this set up on everything pertaining to me. If I try to log in from another device or a location that isn’t usual for me, I’m asked for a code before I can log in. The text they send in response to the login attempt goes automatically to my mobile number and usually arrives within seconds of me hitting that screen. I repeat: it has never cost me anything. It takes seconds to enter the code into the onscreen box because yes, this is me. I am not a hacker, I am me. Job done.
If a hacker guesses my password correctly and tries to log in, I get a text. Me, not them. They can’t get in without that code. I subsequently know that someone tried to hack my account and failed because my phone just received a code via text that I didn’t request. With Facebook, I also receive an email giving a rough location of the attempt and I can choose to flag that to them for investigation. They love it. They can join the dots and block that IP address from interacting with any Facebook profiles. I figure it’s the same with other providers as they use a similar format.
The hacker doesn’t mind. They pick another IP address and carry on. There are plenty of other unprotected accounts out there. It’s mildly frustrating for them but they’ll press a few keys and try another profile. That’s their job. Mine is to protect myself.
Okay, you convinced me. How can I do it?
I won’t depress myself by spending the day taking screenshots for each provider.
Google is your best friend for this task. Ask the question in the browser and see what it finds. I just entered, ‘Turning on 2 step authentication for…’ Fill in your own social media platform.
To help you out, here are the instructions from a few of the providers themselves. They want you to do this and they kindly made these step by step notes which even I can follow. I’ll leave the URLs so you can see them if you need to cut and paste to a different browser.
Here is Facebook’s. https://www.facebook.com/help/loginapprovals
Here is Twitter’s. https://support.twitter.com/articles/20170388
Turn On 2FA. I love this site. You can find heaps of platform instructions here. https://www.turnon2fa.com/tutorials/
I’m losing the will to live over this.
I know we all have pet hates. My son’s is listening to other people chewing their food. One of my daughters hates lateness in all its varying forms. Long-suffering husband detests walking through the door after a hard day at the IT chalk face and having me meet him with my broken laptop and tear streaked face.
This is mine. People whining about hacking when they possessed the tools to prevent it and didn’t bother. It’s like claiming someone buried you alive in a worm farm when all you had to do was lift your head.
That’s not my only gripe relating to social media either. One is people who copy and paste items on their newsfeed because someone told them to. They share viral feeds spreading destruction and virtual laptop eating bacteria and open up their profile to more of the same. And worse.
The other is users who willingly give access to a spurious third party who can make their profile picture look like a cartoon, or a Van Gogh. Or tell you what your most used words are, or which celebrity you resemble. And get enough information through the access you give them to do some serious damage.
Finally, as my Yorkshire husband likes to say, “There’s nowt so strange as folk.”
Or as a hacker might say, “Everyone looks good in Raybans.”
If none of this convinces you…
It must be laziness, because ignorance is no excuse. Do it tomorrow just like you said last week. But when you lose all your holiday photos or your work documents, you’ll only have yourself to blame. When your friends are scammed and show reluctance at accepting your requests because they already got burned once, so be it. I don’t want that for you. I could include a million links to articles and genuine victims but it’s not my battle. It’s yours. You have the weapon to defend you at your disposal with two step authentication. Use it.