So what do you do about it? In light of these recent exploits, it is necessary to change all your online passwords right away.
I’ve written about the need to use unique passwords for each online account, but most people don’t do this.
The current solution is two-factor authentication. Think of it like an ATM card. An ATM card uses two different methods to confirm your identity. One is the card itself. You must be holding a bank-issued piece of plastic to activate an ATM machine. The second is your PIN. The bank assumes only you know the number, and entering the PIN reconfirms your identity.
These two factors provide a reasonable amount of security for your cash. Someone can get your card, but it is useless without the PIN. Likewise, someone can get your PIN, but it is useless without the card.
Two-factor authentication works in a similar way, but rather than a card you have a username and password, and a random code replaces the PIN.
Here’s how this works in real terms. When you log into a website, it knows who you are from your username and password. It also knows what device you are using. Each computer, smartphone or tablet has a unique ID. Websites have the ability to associate your device with your account.
Two-factor authentication confirms ownership of your device and authorizes account access with a random code. The code is sent to you by text message, email, an app or a phone call. Enter the code once at login, and the website will remember the device after that.
As in the ATM and PIN example, if a hacker gets your username and password, they will still be unable to access your account without the code.
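The login flow described above, as a small added example that is not taken from any real website's code. The `Site` class, its method names, the five-minute code lifetime and the random token standing in for the remembered device are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300  # assumed: seconds a one-time code stays valid

class Site:
    """Toy website: password plus a one-time code for unrecognised devices."""
    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.trusted = {}  # username -> tokens of remembered devices
        self.pending = {}  # username -> (code, expiry time)
        self.outbox = []   # stands in for the text message / email channel

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, self._hash(password, salt))
        self.trusted[user] = set()

    def login(self, user, password, device_token=None, code=None, now=None):
        now = time.time() if now is None else now
        salt, stored = self.users.get(user, (b"", b""))
        if not hmac.compare_digest(stored, self._hash(password, salt)):
            return "denied", None              # wrong username or password
        if device_token in self.trusted[user]:
            return "ok", device_token          # remembered device: no code needed
        if code is None:                       # new device: send a fresh code
            new_code = f"{secrets.randbelow(10**6):06d}"
            self.pending[user] = (new_code, now + CODE_TTL)
            self.outbox.append((user, new_code))
            return "code_required", None
        # A code is consumed on the first attempt, so it cannot be guessed at twice.
        expected, expiry = self.pending.pop(user, ("", 0))
        if now > expiry or not hmac.compare_digest(expected, code):
            return "denied", None              # right password, no valid code
        token = secrets.token_urlsafe(32)      # the site now remembers this device
        self.trusted[user].add(token)
        return "ok", token

if __name__ == "__main__":
    site = Site()
    site.register("alice", "correct horse")      # constructed sample account
    print(site.login("alice", "correct horse"))  # new device: code_required
    print(site.login("alice", "correct horse", code=site.outbox[-1][1])[0])  # ok
```
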
This is a good time to log into each of your online accounts, change the password and activate two-factor authentication. This is particularly important for banks, Dropbox, Evernote, Gmail, Outlook.com, iTunes, PayPal and other sensitive data sites. To find out which services offer two-factor authentication, visit www.twofactorauth.org. If your bank or online service is not listed, I suggest switching to one that is.
Remember that you are usually the weakest link in your security chain. Never write down passwords or give people your information through email.