PSA – EMail Hack Shows Once Again Why You Need To Use 2-Factor Authentication

The news from Reuters today outlining a massive email hack that has impacted some 270 million accounts globally, including some Gmail accounts, serves as another reminder to be safe out there and to use 2-Factor authentication.  Yes, it is a pain, and yes, it sucks that we have to do these kinds of things, but it is a great way to keep your Google account, and any other for that matter, safe and secure.  In fact, I would go as far as to suggest that if a service you use doesn’t offer 2-Factor authentication, you may need to rethink whether you really need that service.

In all, 24 million of the 270 million accounts were from Gmail.  The credentials to these accounts have been compromised and are being shopped around online for who-knows-what type of activity.  While Gmail fared okay, it’s still not great that roughly 9% of all the compromised accounts came from Google.  The worst?  Here in the US, it was Yahoo Mail, which had some 40 million accounts compromised.

The best way to combat this is by using 2-Factor authentication on your accounts.  For Google users, it is super easy to set up.  Go to your Google account at https://accounts.google.com and sign in.  Now go to the Sign in & Security tab and look for 2-step verification on the screen.  Click on that and go through the wizard to set things up.  Ideally, you should use an authenticator app (I use Google Authenticator), but you can also set it up via text message or a security key device.  Once it is set up, every time you want to sign into your Google account from a new device or service, you will have to provide not only your password but also the PIN that the authenticator app provides you (or that arrives via text message).  Again, yes, I know this is a pain, but it is better than your account and all of your stored information and things like your Google Photos going away.

Most major online services offer 2-factor authentication in some form.  As one who has had a breach of an account in the past – prior to the 2-factor days – I highly recommend readers enable this on their Google account and any others they can.  I also recommend that if you don’t use an account with a service any longer, close that account.