Imagine if you turned on your computer and found your entire digital life was wiped: years of photos, emails, documents—gone. That happened to Wired writer Mat Honan last weekend, when hackers broke into his most important accounts. But it probably could have been prevented if he'd done one thing: enabled "two-factor authentication" on his Gmail account.
Honan details his experience at Wired, a Hopscotch of Doom where hackers leapt from one of his accounts to the next, burning everything in their wake. The hackers first used information from Honan's Apple iCloud account to break into his Gmail account. They deleted his Gmail account and remotely erased his iPad, iPhone and MacBook—including two years' worth of photos of his daughter. They took over his Twitter account and even briefly accessed the Twitter account of our sister site Gizmodo, where Honan was a staff writer and still had Twitter access.
The scary thing is that hackers never had to crack or guess a single one of Honan's passwords. They were able to reset all these accounts' passwords by using some fairly ingenious social engineering and publicly available information.
The hackers were aided by flaws in both Apple and Amazon security. But even with this, Honan admits "had I used two-factor authentication for my Google account, it's possible that none of this would have happened." See, two-factor authentication requires you to enter a code sent to your phone, via app or text message, in addition to your password when accessing your Gmail account. This means that even if hackers break or, as in Honan's case, reset your password, they can't get into your email without also entering the code from your phone. It's like keeping access codes in a suitcase locked to your wrist, nuclear launch code-style.
These days, you need this extra layer of protection. The password as a security measure is broken, as Honan's ordeal shows, and as many smart people have pointed out before (including Honan). It basically doesn't matter how strong your passwords are, if the attacker is even a little dedicated. Thanks to the sheer amount of data out there on each of us, attackers can assemble enough information to bypass them via password reset and other tricks of social engineering. It's crazy how many people rely just on a password to keep their accounts safe, considering how much priceless stuff we store there.
Go here to enable two-factor authentication if you have a Gmail account. (Facebook also recently introduced two-factor authentication.) It takes about ten minutes but could be the most important thing you do all day.