I’ve been meaning to write about Gmail 2-step verification for a while now, but Jeff Atwood beat me to it with this excellent post: Make Your Email Hacker Proof. If you currently don’t have 2-step verification enabled in Gmail or are not using Gmail, you must read his post in its entirety. Jeff goes into great detail to describe all aspects of using 2-step verification in Gmail.
The importance of email account security cannot be overstated: through password recovery, a hacked email account can potentially provide access to most of your other accounts, including bank accounts. Jeff:
Your email is the skeleton key to your online identity. When you lose control of your email to a hacker – not if, but when you lose control of your email to a hacker – the situation is dire. Email is a one stop shop for online identity theft. You should start thinking of security for your email as roughly equivalent to the sort of security you’d want on your bank account. It’s exceedingly close to that in practice.
The good news, at least if you use GMail, is that you can make your email virtually hacker-proof today, provided you own a cell phone. The fancy geek technical term for this is two factor authentication, but that doesn’t matter right now. What matters is that until you turn this on, your email is vulnerable. So let’s get started. Not tomorrow. Not next week. Right. Freaking. Now.
Here’s what happens when you lose your Gmail account, described by James Fallows:
When [my wife] came back to her desk, half an hour later, she couldn’t log into Gmail at all. By that time, I was up and looking at e‑mail, and we both quickly saw what the real problem was. In my inbox I found a message purporting to be from her, followed by a quickly proliferating stream of concerned responses from friends and acquaintances, all about the fact that she had been “mugged in Madrid.” The account had seemed sluggish earlier that morning because my wife had tried to use it at just the moment a hacker was taking it over and changing its settings—including the password, so that she couldn’t log in again.
The greatest practical fear for my wife and me was that, even if she eventually managed to retrieve her records, so much of our personal and financial data would be in someone else’s presumably hostile hands that we would spend our remaining years looking over our shoulders, wondering how and when something would be put to damaging use. At some point over the past six years, our [email] correspondence would certainly have included every number or code that was important to us – credit card numbers, bank-account information, medical info, and any other sensitive data you can imagine.
But what if you use an email provider that doesn’t allow two-factor authentication? Switch to Gmail. Again, Jeff Atwood:
Either nag your email provider to provide two-factor authentication, or switch over. Email security is critically important these days, and switching is easy(ish). GMail has had fully secure connections for quite a while now, and once you add two-factor authentication to the mix, that’s about as much online email safety as you can reasonably hope to achieve short of going back to snail mail.
Please, follow this wise advice and enable 2-step authentication in Gmail. Right. Freaking. Now.