category

Computer security is a continuing process

While on vacation recently, I left my laptop backpack on a train and got it back 12 days later from Lost and Found. Everything was fine. However, I took many precautions to ensure security in case it had been stolen, and as a result is my security is vastly improved. Here’s what I did.

First off, I took the laptop off all lists of known devices used by Microsoft and Google. These are also known as trusted devices, meaning Microsoft and Google allow you to log on to them easily, without doing two-factor authentication each time. TFA means if you log onto a device it doesn’t know about, it will send a text or alert to your mobile device, and you authorize the new device by entering a number or clicking something on the mobile. (Entering numbers is getting old school and less secure. Clicking something on a mobile is more secure.)

I use Win 10, so it was essential that the laptop no longer be trusted while it was missing. You can do this on another computer or on your mobile. That way, if someone somehow guessed the Win 10 password, they still couldn’t get in because the laptop now sends a message to the Microsoft Authenticator app on my iPhone asking me to confirm the new device.

Ditto for Google. It also has trusted devices and auto-logins to trusted devices. So, I removed the laptop from Google’s list of trusted devices too. They also have an Authenticator iPhone app. Google also suggested I change my password, so I did. For most of us, Google is the key to many things. If a hacker get gets a Google password, they can access Gmail and change passwords on multiple systems by using password hints going to the Gmail account. They can of course also change your Google password, in which case you are probably screwed.

However, by using 2FA and Authenticator mobile apps, all that goes away. It becomes much harder to hack accounts because the hacker doesn’t have the mobile to authenticate.

I also decertified the Kindle in the backpack, on the off-chance Amazon might not ask for a password when accessing the account itself. I re-certified the Kindle in less than a minute once I got the backpack.

To be absolutely safe, I also changed the password for LastPass, my password program, because it is possible to recover a password if that device had used it.

Yes, all of this is a big hassle. However it is way less work than trying to get back important accounts that have been hacked. 2FA is important. If you don’t use it, you are much more vulnerable.