Apr 17th 2017
Know How... 303
Protect yourself with MFA, encrypted messaging apps, and surf anonymously with the TOR browser.
Multi-Factor Authentication (MFA) is a way to secure your online accounts that can bring you closer to the "perfect protection".
* Something you know
* Something you have
* Something you ARE
A username and password is only "Something you know" - so it's a single factor authentication
Something you ARE is something like fingerprints, retinal scan or facial recognition.
We're adding a mobile-based verification to our Google account so it's "Something you Have"
1. Log into Google.com with your account
2. Go into "My Account"
3. Under "Sign-in & Security", click "Signing into Google"
Before continuing, this is a good time to set your "recovery email" & "recovery phone" to accounts that are NOT served by your Google account.
* In other words, once you enable 2-Factor authentication, you will require a verification to enter your Google-connected resources. If you setup to send that verification to a Google-connected resource, you won't be able to access the account to get the verification without first verifying the account.
4. Under "Password & sign-in method" click "2-Step Verification"
5. Click "Get Started" (you'll have to sign-in)
6. Enter the phone number of the mobile that will receive your verification codes
7. Enter the code you just received on your phone.
** You are now setup to use 2-Factor Authentication for ALL your Google-connected resources. Anytime you want to access a Google-connected resource from a NEW browser/computer/device/location, you WILL be required to have a verification code that is sent to your device.
There are several features available in Google MFA that you really should use.
1. Backup Codes
* If you've ever worried about being able to access your account after you lose your device or if you're out of connection range, this is for you.
* This will give you a set of 10 one-time use verification codes.
* EACH TIME you press "Get New Codes", it will eliminate the old codes from the authentication list
* You can download them to a thumb drive/laptop or print and keep in your wallet.
2. The Authenticator
* This is an app you can download to your Android or iPhone that will give you verification codes even when your phone is offline.
3. Backup Phone
4. Security Key
* A Security key is a device (usually USB) that acts as your second factor w/o you needing to type anything in.
* You MUST have the device in order to sign in.
* Every once in a while, revoke access from ALL trusted devices. This will require you to MFA for all your devices, but it "clears the table" of any devices you may have authenticated and forgotten.
The TOR Project
- Don't torrent over TOR: doesn't help, slows down network, DON'T BE A JERK
- Don't enable or install browser plugins, i.e. Flash, Quicktime, etc. They can be used to reveal your IP
- Use HTTPS
- Don't open documents downloaded through TOR while online.
- Use Bridges and or find company
Orfox: Tor Browser for Android
- Built on Firefox
- Includes NoScrips and HTTPSEverwhere
Connect with us!
- Don't forget to check out our large library of projects at https://twit.tv/shows/know-how.
- Join our Google+ Community.
- Tweet at us at @PadreSJ, @Cranky_Hippo, and @Anelf3.
Thanks to CacheFly for the bandwidth for this show.