Simply put, your username and passwords are no longer secure methods to access your accounts anymore. Passwords can be easily stolen through a large variety of methods, including standard malware, keyloggers, inspecting packets over unsecured connections, phishing, and so much more. This is the problem that 2FA tries to solve; by trying to add that extra authentication point to prove it’s actually you. Almost like a second super secret password, except this password changes every 30 seconds, and only you have access to it through sometimes through a physical device, such as a phone, or a USB Security Key.
Another option that can be used as your second authentication point, or your “second password”, is using a USB Security Key. Instead of requiring an auto-generated code, or sending you an SMS with a code, you can use a security USB instead. Each security key has an individualized secure chip which performs cryptographic functions, meaning only your key can be used to complete the cryptographic challenge and complete the login process. This gets a little complex the further you delve into it, but know that legitimate FIDO U2F Security Keys are a safe way to authenticate yourself.
It’s important to make sure you buy a legitimate FIDO compliant U2F key. Yubico is a trusted brand in the industry when it comes to FIDO compliant keys. You can purchase a Yubico key on Amazon for fairly cheap.
Popular services that support security keys include Google, Facebook, Dropbox, Salesforce, Github, with others following suite.
Adding a Security Key for Facebook or Google
To setup your Security Key with Facebook, go to your Settings Page > Security & Login > Setting Up Extra Security > Under Security Keys, press Add Key.
To add a security key to your Google account, visit their 2-Step Verification page here > click Add Security Key > and follow their on screen instructions.
You will have to determine if a security key will work for you. For one, you might have to carry it around wherever you go if you are required to signing onto machines you don’t usually sign into. Secondly, losing a security key can be an issue, especially if you don’t have backup codes or other methods for secondary authentication already in place. If a security key does work for you, it can be a very quick, safe, and easy way to authenticate yourself.
If there’s one thing you can do to make your accounts unhackable, it’s 2FA. Two factor Authentication, also known as 2FA, or two step verification, is an added layer of security known as Multi Factor Authentication. In today’s world of increasing digital crime, 2FA is an absolute must for any high profile online accounts. 2FA doesn’t just require your password, but also an additional randomly generated code that changes every 30 seconds that you usually access through your phone. This means, that if a hacker does get access to your password, they would also need to physically have access to your phone, and phones pin/passcode/fingerprint, to get in, making any unauthorized access practically impossible. I could practically tweet out my Gmail password, but without physically having access to my phone & my pin, that password is useless. This stops almost all hackers immediately, and renders your account inaccessible to outside attackers.
If you don’t use 2 Factor Authentication, assume that at some point in the future your account will be compromised.
To start using 2 Factor Authentication, you will need the Google Authenticator app. This is the app that will be providing you with your 2nd authentication point. Download for Android or iPhone. Although Google has moved away from providing a code, and now prompts you instead if you want to authorize a login, like in the photo above. There are a variety of ways that you can provide your second authentication point, Twitter & Facebook like to send you the code via SMS to your phone, but I recommend the app. You can also use a security key, which we will be discussing in a later post.
- Setting up Two Factor Authentication for Gmail
- Setting up Two Factor Authentication for Facebook
- Setting up Two Factor Authentication for Twitter
- Setting up Two Factor Authentication for Amazon
Most popular websites and services now offer 2FA, and I highly recommend you set them up on any accounts that do provide it, especially email accounts, social media, and banking sites.
Check out this neat site, TurnOn2FA.com to help guide you through turning on multi factor authentication on several popular services.
Please note that this guide is an extremely simplified guide on protecting your privacy when it comes to everyday internet browsing, and DOES NOT completely anonymize your internet traffic. We will discuss this in future posts.
This article will pertain to Chrome users, but FF or other browsers should have the same or similar browser extensions. All internet users should always use these three extensions when browsing the web.
Use uBlock Origin
Online ads are pretty much one of the easiest vectors today to accidentally get a virus, malware, or a variety of other malicious software on your computer that could be tracking you or phoning home. Blocking ads is probably one of the quickest and simplest prevention methods you can do to block out a large portion of malicious content online. I might even tell you that if you’re careful with the shit you download and run a VM for testing unknown software, you could safely replace an anti virus software with a simple ad blocker.
uBlock origin is pretty much the gold standard of ad blockers today, uses the least resources compared to other blockers, and allows you to easily add additional filters for malware or privacy. Some previously popular ad blockers have been bought out by advertisers , allowing their ads to still go through, while competitor ads still get blocked, so it’s important you select a well vetted and trusted ad blocker.
uBlock Origin Tip
you can easily add additional malware & privacy filters that can block sites that contain malware even if you accidently do click on a malicious link online
To add additional malware filters to uBlock, right click the uBlock icon that gets added to the address bar after it’s been installed, and select Options, then navigate to the 3rd-party filters tab. Under Malware filters, select all the available filters. From this page you can also enable additional filters, like Privacy filters which are recommended.
Use Privacy Badger
Come Privacy Badger, an extension made by the EFF, automatically and intelligently blocks trackers that may be trying to track you online.
Use HTTPS Everywhere
Another extension made by the EFF, HTTPS Everywhere automatically forces secure HTTPS connections rather than unsecure HTTP connections that can easily be hijacked or monitored. This protects you from very simple MITM attacks. If you’re using an HTTP connection, especially without a VPN, always assume that your complete internet traffic is being monitored. HTTPS Everywhere helps to avoid this issue, without you have to constantly worry if you’re on a secure connection or not.
Does this completely protect my internet traffic online?
Absolutely not. Your ISP, government agencies, hackers, and other malicious parties can still intercept your traffic in a variety of ways, but this is a barebone must have essential kit when browsing the internet today. We will discuss more robust measures to completely anonymize your internet traffic in later posts.
Welcome to our new blog, where we’ll be focusing on your cyber security, online privacy, infosec, and more. This blog will not be geared towards experts, rather, everyday internet users who are looking to better control their online privacy in today’s always connected world. Feel free to suggest topics to discuss, and any other questions you may have. Check back soon for more details and news, and make sure you follow me on twitter @knight47 for more updates.
- Government level Encryption
- Completely anonymize your internet traffic
- Cracking WiFi Passwords, and learning how to make sure you’re not vulnerable
- Hacking Android & Android Security
- and more!