Michael Jay Lissnerhttps://michaeljaylissner.com/2013-02-02T14:27:15-08:00Enabling Two-Factor Authentication2013-02-02T14:27:15-08:00Mike Lissnertag:michaeljaylissner.com,2013-02-02:posts/2013/02/02/enabling-two-factor-authentication/<p>This post is as much Public Service Announcement as anything else. I didn’t realize that two-factor authentication had finally taken off. It’s practically vital for your email account (you’re asking for trouble without it), but in the past year or so, a bunch of other services have begun offering it. </p>
<p>Today I went on a little security binge, and found that I could turn on two-factor authentication at:</p>
<ul>
<li>Google/Gmail</li>
<li>Yahoo</li>
<li>Dropbox</li>
<li>Charles Schwab (they send you a fob for free)</li>
<li>Facebook</li>
<li>Paypal</li>
<li>Amazon Web Services</li>
</ul>
<p>One note about Charles Schwab is that getting their fob is great, but it’s hardly all you should do to secure your account. You should also set up what they call a “verbal password” that you have to provide whenever you call in. Without it, it’s pretty easy to get into an account via their surprisingly weak phone security.</p>
<p>Anyway, this is a pretty good list so far. The companies are using a handful of different techniques for doing this, but they all seem pretty solid in the end. Google’s, naturally, seems to be one of the most robust, but I’m impressed there’s so much offered.</p>
<p>Go set these up! </p>Yahoo! Drives Me Nuts2008-10-21T10:26:17-07:00Mike Lissnertag:michaeljaylissner.com,2008-10-21:posts/2008/10/21/yahoo-drives-me-nuts/<p>I joined a yahoo group the other day, and I noticed that when Yahoo! shows my member information, it says I am three years younger than I am. “No problem” I thought to myself, “I’ll just edit my information, surely I put in the wrong birthday.”</p>
<p>I went into the member section, and (after giving them my password for the second time in two minutes) found where my birthday was listed as “on file.” I clicked the edit button for that section, and in the resulting page, it again said that my birthday was “on file.” It did not give me a way to change it.</p>
<p>Wondering how to change it, I decided to try the help tool. I searched for “change birthday,” which gave me the response:<blockquote>Q: Why can’t I change my birthdate, and why does it say, “on file”?
A: We use your birthdate as a security measure in case you forget your password. We would not be able to do so if you were able to change it.</blockquote>Great. Good work guys.</p>There’s a Lesson About Yahoo! Security I Learned from Palin Today2008-09-17T15:08:09-07:00Mike Lissnertag:michaeljaylissner.com,2008-09-17:posts/2008/09/17/there-is-a-lesson-about-yahoo-security-i-learned-from-palin-today/<p>The lesson is this: Yahoo! doesn’t use encryption on their webmail. I’ll
repeat that: <span class="caps">YAHOO</span>! <span class="caps">DOESN</span>’T <span class="caps">USE</span> <span class="caps">ENCRYPTION</span> <span class="caps">ON</span> <span class="caps">THEIR</span> <span class="caps">WEBMAIL</span>! </p>
<p>I’m nothing short of shocked. I could have sworn that Yahoo! was a $26B
company. Surely, <span class="caps">SURELY</span> they, of all people would see the importance and
value of secure email, right? Nope. </p>
<p>They’ve been offering free email since at least April of 1996 when they had
their <span class="caps">IPO</span>. Somehow in the last 12 years they never secured the damned thing? What?</p>
<p>Note below the conspicuous use of http rather than https:</p>
<p><img alt="No Alt" src="https://michaeljaylissner.com/images/yahooSecuritySucks.png" /></p>