When visits Facebook, he's been having issues where the page scrolls on its own. Leo says if it happened everywhere, it could be a stuck down key, but since it only happens on Facebook, that's an indicator for software. Could someone be taking over his account? Leo says probably not. Just in case, however, he should go into his Facebook settings and turn on 2nd factor authentication. Then if someone tries to hack his account, it'll send him a notification asking if he's logging in. If it's not him, they can't log in.
2 factor authentication
Melanie finally got Google to reset her password and now she wants to know how she can prevent having her account hacked in the future. Leo says that the first thing is to have a recovery phone number and a different email for recovery. Then she should turn on 2-factor authentication. Making her password really difficult to crack is a good idea. Leo recommends using a password vault, like LastPass, and have it generate her passwords. Then she only has to remember LastPass's password and it will take care of the rest.
Sending unsolicited text messages is bad form, and Facebook got caught using their 2 Factor Authentication database to send out ads and other notifications.
Facebook admitted their faux pas and apologized. Leo says that's become the modus operandi of Facebook: move fast and break things, then apologize. In other words, better to ask forgiveness than ask permission.
Melanie's email account was hacked so she changed her password and set up 2-factor authentication. Now when she logs in, it tells her there's been "too many attempts" and it logs her out. Leo says that there is a Google help chat where she could get it reset. There's also a phone number that she can call. She should check under Google Help.
Tom wants to know how Apple's 2 Factor Authentication works with Find My Phone. When he logs into iCloud to look for his phone, it'll send his 2 Factor Authenticator to his phone. But how can he find his phone that way? Leo says that Apple does 2 Factor different from everyone else. If he has another Apple device like an iMac or iPad, then he could do it. It'll send the code to all of his Apple devices. Not just the iPhone. He can also use trusted phone numbers and enroll a landline or his wife's phone that they will call and give him the number audibly.
Saren hasn't been receiving the two factor authentication code he normally gets for his Gmail account. He would normally get it through his Google Voice number. Leo says it's insecure to send those two factor codes through SMS, because someone could spoof his number and get the text message. Google may have even stopped supporting SMS in favor of its Google Authenticator app.
Carla's Google account has been hacked. She sees things in her Gmail account she doesn't recognize and her YouTube watch list has things on it she never watched. Leo says Google has a security checkup that she can use to see if she's being hacked and she can disconnect any device she doesn't recognize. Carla should also engage 2 Factor Authentication. Obviously, Carla is going to want to change her password as well.
Securing your online accounts is vitally important. The consequences of being hacked can be great — someone could lock you out of your email account. If that account is used for password recovery for your other accounts, then a hacker could get access to all of those as well. There are a few basic things that you should make sure you do to protect your email account:
1. Provide a secondary email address for recovery.
2. Provide a phone number for password recovery.
3. Turn on 2 Factor Authentication.
Clinton's Google account was hacked, and the password recovery was changed to another email address. Leo says that's why Google and Leo recommends 2 Factor Authentication so that he would be contacted should a password change happen. He can also use a secondary email. Clinton can contact Google and they can perhaps get his account back by answering questions that only he would know about.
He should keep in mind that if he used this as a recovery email for other sites, they are vulnerable as well. So he'll have to get it back ASAP before more damage is done.
Using Facebook on a public computer, or even on a friend's computer, can be risky. Facebook stores a cookie in the browser that enables the user to get into the site without actually logging in. This would make it possible for someone else to easily gain access to your account. Instead of avoiding Facebook entirely, there is a way you can still use it and prevent someone else from being able to get in — by using a one-time password.