People think of hacking as complicated programming to get into protected servers, but most of the time it’s just a basic con.
Courtesy of Business Insider, here’s how the Syrian Electronic Army hacked the AP’s Twitter account and, posting as the AP, tweeted that there was an explosion in the White House.
It’s the same story you hear over and over. They sent an email to someone at AP that convinced them to click a link. The link asked for an email login, but the page the person landed on wasn’t their real email site, so the hacker got the email password.
People tend to be too blasé with their email passwords. “Oh, it’s just email, it’s not like it’s my banking site.” Wrong. Completely wrong. If I have your email account I can go to your banking site and do a password reset. Or go to any other site you use and do a password reset. Your email account is the key. I can get into any of your accounts at that point.
Google knows this and offers simple two-factor authentication for any Gmail account. If Gmail is your primary email and you have a smartphone, you are crazy if you don’t do this. If I’m at a strange computer and I log into Gmail, Google sends me a text message on my phone with a code. I have to enter the code as well as my password (two factors). On my laptop that I use all the time, Google asks me about once a month. The inconvenience is negligible.
The security is invaluable.