August 08, 2012, 5:10 PM
If you haven’t read about Wired reporter Mat Honan’s ordeal at the hands of malicious hackers, take some time and read it now. (I’ll wait.) His story about how a passel of juvenile hackers managed to get into his Apple account and wipe all the data off his iPhone, iPad, and Mac – as well as hijack his Google, Twitter, and Amazon accounts – should be required reading for anyone who uses those services, and especially those of us who’ve blithely linked our social media accounts together using the same email address.
Honan didn’t do anything to tick those hackers off. He was targeted simply because they coveted his @mat Twitter handle. Which means that the same thing could happen to you or me just as easily, and we wouldn’t know we’d been jobbed until far too late.
One thing Honan notes with regret is his failure to turn on two-factor authentication for his Gmail account. If he’d done that, anyone who tried to access his email would have also had to enter a six-digit PIN, which is randomly generated and sent via text message to his phone.
So your first order of business for today: Setting up two-factor authentication for Google. To do that, you’ll need to go into your Gmail Settings (it’s the icon that looks like a little gear in the upper right corner of your inbox). From there:
1. Select Settings, then Accounts and Import.
2. Under “Change account settings” select “Other Google Account settings”.
3. That will take you to a Web page for your Accounts. Select Security from the left-hand menu. You may be prompted for your password again.
4. Under “2-step verification” you’ll see “Status: OFF.” Click the Edit button next to that. That will take you to a Web page wizard that will walk you through the process of having a six-digit verification code sent to you via text or a robo-call.
Enter the code into the appropriate box, and you’re all set – for that device, anyway.
Admittedly, this is not as easy as simply using a password. You’ll have to do this for every device and every application that uses your Gmail logon, and not every device and application works exactly the same way. For example, I was able to log on to Gmail using a PIN on my desktop, laptop, and iPad, but not my Android tablet or Windows smartphone. For those, I had to set up separate one-time-use “subtokens” that look something like this: fztz dgpm oxfi uthb.