
Despite knowing this advice, I haven't always followed it. Sometimes I download stuff that I haven't checked thoroughly, or I have a simple password to access things I don't use very often. And, for all of my online life I haven't had a problem. Until recently.
Somehow my email was compromised and everyone on my contact list was sent a link to some strange Russian porn site.
That should be the end of it...now my email is done for, and I've got to come up with another address to use. But no...Google sniffed out the problem and did a few clever things to help protect me.
First, they noticed the account was sending out a lot of messages, and stopped the account from being able to send anything out. Then, in order for me to log in again, I had to jump through a lot of hoops (asking questions about what I put down as my personal information); then they sent a text message to the number I had listed as my phone number and made me enter it in.
Then, once I had regained access they encouraged me to set up 2-step access. I've always been interested in information security, and the nerdy things smart people can do to keep information safe. The US intelligence agencies use special rooms called SCIFs (pronounced skiffs) to discuss classified information and have specially configured BlackBerrys that allow for access to classified email systems. Google, of course, can't reconfigure the equipment we use, but they can take advantage of the equipment we have.

Once you're forced to change your password, Google asks you to input information about your phone, and if it's a BlackBerry, iPhone or certain other smartphones it encourages you to download a program that generates a random 6 digit number every minute.
To configure the program, you take a picture of a QR code (like the one shown to the right) with your phone, and the software translates the image into the information it needs to assign the random numbers to your specific account.
Then, once your phone is configured, you need to enter the 6 digit code the first time you log in to your account. Google recognizes the computers you use on a regular basis, and only makes you put in the code about once a month once it's configured.
Then in a final turn of brilliance, they find 2 ways to help you access your email should your phone go missing. First they ask for a backup number they could send the access information to (as a text message or even a voice mail) and then they employ a form of encryption developed almost a hundred years ago: the one time pad.
US intelligence agencies needed a way to communicate secret information, and a guy named Gilbert who worked for AT&T had the idea of using a randomly generated series of numbers to encrypt messages. The sender would have a list of numbers on a small pad of paper and would shift each letter down the alphabet a number of places. The recipient would have the same list of numbers, and could decipher the message by undoing the change the sender made. After each message, you destroy the page you used and use the next list of numbers for the next message.
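The pad procedure described above, as an added example that is not part of the original post. The names `make_pad` and `PadBook`, the page sizes and the sample messages are assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def make_pad(pages, page_len):
    """Return a pad: `pages` pages, each a list of random shifts in 0..25."""
    return [[secrets.randbelow(26) for _ in range(page_len)] for _ in range(pages)]


class PadBook:
    """One party's copy of the pad; a page is destroyed once it has been used."""

    def __init__(self, pages):
        self._pages = [list(p) for p in pages]

    def pages_left(self):
        return len(self._pages)

    def _apply(self, text, direction):
        letters = [c for c in text.upper() if c in ALPHABET]
        if not self._pages:
            raise RuntimeError("pad exhausted: no unused pages left")
        if len(letters) > len(self._pages[0]):
            raise ValueError("message is longer than the page")
        page = self._pages.pop(0)  # destroy the page so it is never reused
        return "".join(
            ALPHABET[(ALPHABET.index(c) + direction * k) % 26]
            for c, k in zip(letters, page)
        )

    def encrypt(self, message):
        return self._apply(message, +1)  # shift each letter down the alphabet

    def decrypt(self, ciphertext):
        return self._apply(ciphertext, -1)  # undo the sender's shift


if __name__ == "__main__":
    pad = make_pad(pages=3, page_len=20)  # constructed sample pad
    sender, recipient = PadBook(pad), PadBook(pad)
    for msg in ("MEET AT NOON", "BRING THE MAP"):  # constructed messages
        ct = sender.encrypt(msg)
        print(ct, "->", recipient.decrypt(ct), "| pages left:", sender.pages_left())
```

Both parties must consume pages in the same order, which is why each call removes the page it used from that party's copy.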
Since only two people know how many positions each letter was shifted, and the number is random each time, it's virtually impossible to crack. Google takes advantage of this, and as a last resort, if you lose access to your account you are given a list of 10 numbers you are supposed to keep in your wallet. If you don't have your phone, and the other techniques don't work, you use this one time pad to get back in to your account. Clever, right?
I'm relieved the geniuses at Google protected me from my, well, dunceness.