Are You the Victim of False Alarms?

It was the day before the big January snow and I was simply replying to an email on my iPhone. Yes, it was from an odd location – a grocery store in a neighboring city. But instead of a satisfactory “swoosh” after I touched Send, a message popped up on my iPhone. “Someone just used your password for (my gmail address)” with a link to a specific Google page. Ugh!

You may be wondering if this was some kind of spam message, but I wasn’t worried about that. It was a text message with a Google site for me to visit for more information. Plus, you cannot get a virus from visiting a website on an iPhone unless you’ve done something called “jailbreaking” to it.

Touching the link and reading the explanation, I was directed through Google to review the recent suspicious account activity. I was horrified to see that an Unknown Device located five hours away in Nashville, TN had attempted to log into my Google account!

I immediately followed the instructions to change my password, all while grocery shopping. Google definitely created a sense of urgency in me to prevent the unknown culprit in Tennessee from hacking my account.

Later, at home, I sat down with my computer to review my Google security settings and recent activity. It appeared that Google thought my iPhone was the Unknown Device, but that did not explain why it showed my iPhone in a completely different location. What I did understand, though, was that immediately changing my password had NOT been required.

This little event reminded me of a concerned client who inexplicably kept receiving email alerts on her iPhone that her Facebook account had been accessed from strange locations. The first time she received the disconcerting message, she thought her Facebook account had been hacked and so she changed her Facebook password. But then it occurred again, and again. After studying her email alerts, I decided that she did not have an account security problem, but the location of her iPhone was somehow off.

Having had my own little security incident in the grocery store, I felt that the causes of her alerts and mine were related. So, I turned to Google for some answers. Unfortunately, I didn’t find a solid answer from a good source, but here is what I think happened.

Your cell phone is constantly connecting with different cell towers as you change your location. Every time it connects with a cell tower, your cell phone is assigned a number that is kind of an address for that cell tower’s location. It’s called an IP address. Only, in the case of cell towers, the geographic location may or may not be accurate. In fact, it’s inaccurate as much as 50% of the time.

So, hypothesizing that the security alerts my client and I experienced were the result of an inaccurate location being assigned to our cell phones, was there anything we could do to prevent these false alarms?

Google 2-factor authentication

The answer for my Google security alert was to add a Google-supplied feature called 2-factor authentication. I had previously avoided this because I thought it would require me to enter a special code every time I used my email, but I was wrong. It’s very easy to set up on computers and mobile devices, and I highly recommend that everyone who uses Gmail use it.

Here is an excellent article with pictures to guide you through setting it up: http://www.cnet.com/how-to/how-to-set-up-googles-two-step-verification/

Once in a while you may have to re-enter the security code that is sent to your mobile phone, but it’s a small price to pay for securing your Gmail account.

Facebook trusted devices and login approvals

For my client’s Facebook login alert emails, after she changed her password and continued to receive alerts, the easiest solution would have been to train Facebook to recognize her trusted devices. But the more secure solution is to require something called Login Approvals. It sounds laborious, but it’s not.

Facebook’s instructions are easy to follow (except for explaining how to go to Security Settings).

From Facebook on your computer:

Once your browsers and devices are trusted, you should only have to enter a security code when you log into Facebook from a new computer, mobile device or browser.

Whether you’ve been a victim of these false alarms or not, I encourage you to spend a few minutes and set up your Google and Facebook accounts for this extra level of security.

It’s called peace of mind.