21 December 2012

Please set up 2-factor authentication on your Facebook

Today, while messing around with the new Facebook privacy settings, I stumbled across the ability to set up 2-factor authentication for my Facebook account. Evidently, this feature was introduced in May, but up until yesterday I never knew it existed.

With the fast-growing trend towards using your Facebook account as a single-sign-on provider to enable account creation and access on other web services, the security of your Facebook account is paramount. If a hacker were to gain control of it, they would most likely gain control of a huge swath of services you use on a daily basis (at least for me that’s the case).

2-factor authentication provides an additional layer of security: before, a hacker who discovered your password could log in as you on any computer with no problems; with 2-factor authentication they also need a second form of identification (in this case, your mobile phone). Essentially, any time you log in from a new computer, your phone gets an SMS with a confirmation code, which you then type in to confirm your login. Without your phone, a hacker will never be able to access your account.

Right now, you’re probably thinking that that sounds like a pain in the ass: luckily, Facebook makes adding verified computers a breeze, so you won’t have to do the 2-factor authentication on computers you approve (like your personal computer). Obviously, this reduces the security a bit, but the main goal is still achieved.
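The login-approval flow described above, sketched as an added example (not Facebook's code and not from the original post). The class and method names, the 6-digit code, the 300-second lifetime and the in-memory `sms_outbox` standing in for an SMS gateway are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a confirmation code stays valid (assumed value)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class LoginApprovals:
    """Toy model of SMS login approvals; every name here is hypothetical."""
    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._pw = self._kdf(password)
        self._trusted = set()  # digests of tokens held by approved computers
        self._pending = None   # (code, expiry) for the login in progress
        self.sms_outbox = []   # stands in for the SMS gateway

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 600_000)

    def login(self, password, device_token=None, now=None):
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._kdf(password), self._pw):
            return "denied"
        if device_token and _digest(device_token) in self._trusted:
            return "ok"  # approved computer: the SMS step is skipped
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, now + CODE_TTL)
        self.sms_outbox.append(code)  # delivered to the owner's phone only
        return "code_required"

    def confirm(self, code, remember=False, now=None):
        """Check the SMS code; return (ok, device_token or None)."""
        now = time.time() if now is None else now
        pending, self._pending = self._pending, None  # one attempt per code
        if pending is None or now > pending[1]:
            return False, None
        if not hmac.compare_digest(code.encode(), pending[0].encode()):
            return False, None
        if not remember:
            return True, None
        token = secrets.token_urlsafe(32)  # stored by the browser, e.g. a cookie
        self._trusted.add(_digest(token))
        return True, token
```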

Setting up 2-factor authentication on your Facebook is super easy: just follow these steps.

In the right header, click the lock icon to access the new privacy panel.

Next, click the ‘See More Settings’ link.

In the left navigation panel, click the security link.

Now, click the edit link next to ‘Login Approvals’ and follow the steps that Facebook provides.

Enjoy your newly secured Facebook account!

PS. if you're interested in checking out a 2-factor authentication system that is easier to use than usernames and passwords, check out Clef, the startup I'm working on right now.

18 December 2012

Don't email me my password (or store it in plaintext)

Of late, I’ve gotten pretty into chess. I never played much as a kid, but a couple months ago my friends started playing and I joined in. I’m not very good (even for a beginner), so I’ve decided to read and practice to get a little better.

At the suggestion of a friend, I decided to join the Internet Chess Club, so I could play some games online and hone my skills. I went to the site, registered, verified my email, and got the following email in my inbox:

Thank you for signing up for the ONE-MONTH FREE trial on the Internet Chess Club, the most active chess club in the world with over 50,000,000 games played every year!

Your username is: **********

Your password is: **********

You have completed the first step! Next, DOWNLOAD and install our software from the link below. (ICC is available for Windows, Mac, Linux, iOS, Android, etc.)

Go to: http://www.chessclub.com/download-software

Follow the instructions to download and install. Then enter your username and password, and then click on the “Connect” button and you’ll connect to our playing site.

Once your FREE TRIAL is over, you can renew. https://store.chessclub.com/memberships We offer reduced membership prices starting as low as $9.95!

Or else, simply let your account expire and NO CHARGES will be made.

If you have any questions about the ICC or your account, please email us at support@chessclub.com. Thank you for using the Internet Chess Club! See you online!

              Web:     http://www.chessclub.com
              email:   support@chessclub.com
              phone:   1 (412) 521 5553

Yes, they sent me an email with my password in plaintext (I *****’d it out) – what the fuck. Not only that, but the fact that they can send me my password in plaintext means that they are storing it in plaintext.

Obviously, you don’t need the highest level of security for your chess account, but in this modern day and age it is unacceptable to store passwords (and email them) in plaintext. Not only can that chess account be used to make purchases and access confidential information like your billing address, but if a hacker cracks their server, they have a huge set of plaintext passwords corresponding to users’ emails – most people use only 1 or 2 passwords for all of their accounts, so this is a pretty big deal.
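What storing a password without keeping the plaintext looks like, as an added example that is not from the original post or from the ICC: each account row holds only a random salt and a PBKDF2 key, so the welcome email has nothing to echo back and a copied table holds no plaintext passwords. `UserStore`, its methods, the iteration count and the sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your hardware)


def hash_password(password, salt=None):
    """Return (salt, derived_key); the password itself is never kept."""
    salt = secrets.token_bytes(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


class UserStore:
    """Hypothetical account table: one row per user, no plaintext column."""

    def __init__(self):
        self.rows = {}

    def register(self, username, email, password):
        salt, key = hash_password(password)
        self.rows[username] = {"email": email, "salt": salt, "key": key}
        return self.welcome_email(username)

    def welcome_email(self, username):
        # Built from the stored row only, so it cannot contain the password.
        return (f"To: {self.rows[username]['email']}\n\n"
                f"Your username is: {username}\n"
                "Your password is the one you chose at sign-up; we cannot read it.")

    def verify(self, username, password):
        row = self.rows.get(username)
        if row is None:
            return False
        _, key = hash_password(password, row["salt"])
        return hmac.compare_digest(key, row["key"])

    def dump(self):
        """What someone who copies the table gets: salts and keys, in hex."""
        return {u: (r["salt"].hex(), r["key"].hex()) for u, r in self.rows.items()}
```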

I promptly changed my password and deleted my account. You should too if you’re a member of the ICC.

Oh, and if you hate passwords as much as I do, you should check out Clef, the startup I’m working on that is getting rid of usernames and passwords and replacing them with your mobile phone.

11 December 2012

Welcoming Peter Bell to hackNY

Over the summer, hackNY had the good fortune of welcoming Peter Bell for one of our weekly tech/entrepreneurship talks. He spoke to us about choosing the right technologies for a project and we all left with a better understanding of what it meant to be a technical decision maker.

At the November NYTM, hackNY announced that thanks to Speaker Quinn and the NYC City Council we will be welcoming Peter into the family in an even bigger way: he will be working with the wonderful Manya Ellenberg as an evangelist to expand the hackNY community, improve the 2013 hackNY fellows program and build out the technology that powers hackNY behind the scenes.

I had the good fortune of talking to Peter about why he decided to join hackNY as an evangelist. I asked some questions, he gave some answers, and we had a grand old time:

How did you first get involved with hackNY?

Originally Evan (Korth) asked me to present to his class at NYU. Shortly thereafter I got a chance to present for the fellows over the summer this year.

What made you want to work with hackNY?

I was immediately impressed by the quality of the fellows and the kinds of projects they were working on. I also just love the mission of connecting students to jobs at local startups. I’ve been involved in building businesses for 20 years and I can’t imagine a better way to spend a career in technology.

What are you going to be doing for hackNY over the next few months?

I’ll be working with Evan and Chris to continue to refine the details of the role, but the focus of this evangelist position is to connect jobseekers with opportunities at local tech companies and serve as a bridge between the City’s colleges and universities and the tech industry. I’ll also be writing some code for hackNY to stay relevant as a developer!

What are some of the coolest hacks you’ve done in the past (technical or non technical)?

My favorite hack is around learning. The best way to learn is to teach, so I often commit to giving presentations at major tech conferences on technologies that I know very little about. It forces me to learn the ins and outs of everything from git to neo4j to datomic in a way that I’d never do if I just had to use them for a project.

If you had to pick one programming language as your favorite, which would it be?

Despite resisting for years, I now use ruby for most of my day-to-day coding (although python has great math libraries and I love the groovy and grails community on the JVM). Over the next year or so I’m really excited to finally learn clojure and really get my head around the type system in Haskell. I also use javascript (client and server side) where it makes sense and java when I really, really have to.

emacs or vim?

IntelliJ for Java, sublime or textmate for day to day hacking and vim when I need to pair remotely. Emacs is on the list - I just need to find a spare decade to get over the initial learning curve! I think a great developer has some familiarity with a range of tools. On the JVM I’m a gradle fan, but I can work equally well with ant or maven.

Anything else you’d like to share?

I’m really excited to bring my experience working with local CTOs to build a bridge between students and startup job opportunities. Many smaller startups just don’t have the resources to do college tours and often students don’t know what to do to get a great startup job.

I can speak for everyone when I say that Peter will be a tremendous addition to the hackNY leadership team and that we are very excited to welcome him to the hackNY community.

If you want to follow Peter as he takes hackNY to a new level, follow him on twitter.