Some thoughts about account security. I am securing most (well, all that are possible) of my online accounts with two-factor authentication (2FA). Several of the past security breaches would have been impossible (well, at least more difficult) if users had enabled 2FA. Two independent components to identify a user significantly raise the bar to capture or hack an account: a simple password leak is not enough anymore.
Common services for 2FA:
- SMS
- Google Authenticator
- FreeOTP (App)
- YubiKey (Real Token)
A list of internet accounts that should be protected and a link to their security settings:
- Dropbox http://www.dropbox.com/account#security
- Facebook https://www.facebook.com/settings?tab=security
- Twitter https://twitter.com/settings/security
- Google https://accounts.google.com/b/0/SmsAuthConfig?hl=de
- Microsoft https://account.live.com/summarypage.aspx
- Steam (Steam Guard)
- LinkedIn https://www.linkedin.com/settings/security-v2?goback=.nas_*1_*1_*1
- PayPal https://www.paypal.com/myaccount/settings/security
- WordPress (several plugins, example: https://wordpress.org/plugins/two-factor-auth/)