Regular readers will notice that my past two columns have focused on security. If you’re a tech columnist, security represents a fertile field to harvest for material: Nearly every day brings news of some new threat or mishap. These problems can affect you and your business and, chances are, you have no idea how to protect yourself. I work with this stuff every day, and even I’ve learned a few things this month.
Let’s start with the unfortunate tale of Mat Honan, a senior reporter for Gizmodo (which covers cool new gizmos). His Apple email was hacked, and the end result was that his Google account was deleted, his Twitter account was taken over, and all the data was wiped from his iPhone, iPad and MacBook (including irreplaceable pictures of his kids). How did it happen? And more important, can it happen to you?
The hack took place because of an interesting chain of events. The hackers were able to obtain Mat’s Apple ID (an email address), billing address (looked up online) and the last four digits of his credit card. Using that, they gained access to his Apple account. From there, they reset his Gmail password. As it turns out, Apple customer support will issue a temporary password to anyone who knows your Apple ID, billing address and the last four digits of your credit card. From there, it all went south in a hurry. (If you’re interested in all the details, you can read a full account written by Mat himself at tinyurl.com/techtalk-2012-10. It’s worth your time.)
So, it’s possible this could happen to you if you had a Gmail account linked to an Apple email and revealed the last four digits of your credit card. (Most paper receipts have this information on them, so even your pizza delivery guy could potentially hack into your account.) But, as Mat points out, if he’d only set up two-factor authentication on his Gmail account, the hack would never have gotten off the ground.
I’ve written about two-factor authentication before: It consists of something you have (like a debit card) and something you know (like a password or PIN). In the case of Gmail, the something you know is your password. The something you have is your cell phone. When you enable two-factor authentication, you enter your password as well as a number that Google texts to your cell phone right after you enter your password. Since it’s unlikely that someone trying to hack your account also has your cell phone (although it’s still possible), this works pretty effectively.
Of course, it’s a hassle to do this every time you log into your Gmail account. So, Google lets you designate one or more computers as “trusted,” and you only have to go through the routine every month or so. If you have a Gmail account that you care about, I strongly recommend you set up two-factor authentication for it. It’s not hard. Just go to accounts.google.com/SmsAuthConfig and walk through the instructions. It may seem like a hassle, but no one but you is looking out for your online security.
Observant readers will note that if you lose a trusted machine, you’ve lost one of the two authentication factors. Fortunately, Google lets you revoke a computer’s trusted status, but it’s just one more thing to remember to do if you lose your computer or smartphone.
Which brings me to the second half of my column, the Tale of the Lost iPhone. My wife was leaving work with her hands full, set her iPhone 3GS on top of the car and—well, you know the rest. Fortunately, we had set up the (free) “Find My iPhone” feature when we upgraded to the latest software for her phone (iOS 5). If you have an iPhone, you should definitely set it up. Just visit www.iCloud.com.
If you lose your phone, you log into iCloud with your Apple ID and you can see where your phone is (at least if it’s turned on and still has battery). New York Times columnist David Pogue had his iPhone stolen on a commuter train, and recovered it this way (see tinyurl.com/techtalk-2010-10-1—another good tale). Of course, it helps to be a famous tech columnist.
When my wife told me her phone had probably been lost, I went to iCloud and sure enough, it located the phone at a restaurant in St. Helena. Later that night, it moved to a residential location in Vallejo, so it was pretty clear someone had found it. Find My iPhone lets you display a message on the phone, so I asked the person to call. No response. Fortunately, iCloud also lets you lock the phone with a PIN. The last resort is to tell the iPhone to wipe itself, which I held off on, as once you do this, the phone can no longer be located. If the phone is offline, these commands will be transmitted to the device if it (ever) comes online. It’s a pretty cool service.
We called the police, and that’s where it became interesting. Basically, you’ll need both the phone’s serial number and the IMEI (international mobile equipment identity) number if you want to file a report. These numbers are on the original box, which we were lucky enough to locate in a drawer. To avoid this problem, here’s what you should do right now: Open up Settings/General/About on your iPhone, scroll down so the serial number and IMEI are showing, and take a picture of the screen (press the home and sleep buttons at the same time). Email it to yourself, and print out a copy for your files. You’ll thank me later.
Come back next month to learn how the story ends. In the meantime, send your questions about phones, security and the meaning of life to mduffy@northbaybiz.com.
Author
Michael E. Duffy is a 70-year-old senior software engineer for Electronic Arts. He lives in Sonoma County and has been writing about technology and business for NorthBay biz since 2001.