a public service announcement from the tech side of tumblr
please read this, it’s pretty important.
with more and more high-profile hacks, we need to all take a look at our internet security. first of all, yes, you should be coming up with a new, secure password for each web service you use. it’s bothersome, but it’s worth it. secondly, and this is really the point of this post, there’s this thing called two-factor verification / authentication (2FA).
tumblr describes it like this:
You know how you need two keys to launch a nuclear missile? Two-factor authentication works like that. One key is your password, the other key is your cellular phone, and you need both to access your Tumblr Dashboard.
working on the premise that passwords alone just aren’t secure anymore, almost all major web services have introduced this feature – but it’s turned off by default. basically, you just enter your cell phone number and from then on, whenever you want to use the service from a new device (or whenever a hacker is trying to log in to your account), you (they) have to enter your password andthe code that is then sent to your phone (which hackers can’t because they don’t have your phone).
two factors - password and code. simple as that.
with more and more of our lives being put online – from banking and shopping, through professional and personal networking, to the storage of our most valuable files in the cloud, it is just no longer “not worth the trouble”. now that you know about two-factor auth, if you are still not vigilant about your own account security across the internet, you are unfortunately contributing to a collective apathy that will almost certainly cause serious damage to businesses and individuals in the future, yourself included. this isn’t just about you - it’s about changing the landscape of internet security on the whole, so hackers don’t get the satisfaction and so financial, social and personal damages can be limited. i hope you understand the gravity of this issue. we keep uploading more and more of ourselves to the web but we just aren’t changing the locks fast enough.
this site has done a spectacular job of organizing a list of services that have implemented 2FA and links to turning it on. i strongly recommend – no, i beg you, to peruse the list for the sites you use and to go ahead and activate 2FA for each of them, or if they don’t have the feature, politely tweet at them to get it set up asap. don’t be lazy about this. just this once. you really don’t want something like this happening to you.