Why isn’t everyone doing 2-factor Auth?
Seriously, it is 2015 now. Every big service provider should be supporting some form of 2-factor authentication. Google is a prime example of the right way to implement this, and everyone should be following their lead. This weekend I had an email account I hadn’t used in over a year get its password cracked. The bot then pulled my extremely outdated online address book and sent spam links out to them all. Fantastic! So, I changed the password and deleted all of the contacts out of the address book. Had this provider (cough… AOL …cough) had a 2FA implementation, this would have NEVER been able to happen. Their service wouldn’t have been used to send out spam, and I wouldn’t look like a doofus with an apparently weak password on that old account.
I’ll also add, if you have a service like Google and you’re NOT using 2FA, you need to go set that shit up right now. It makes your account nearly IMPOSSIBLE to get into unless the hacker also has your physical device (usually your phone with an app, I recommend Authenticator Plus) to access your account. Knowing your login name and password alone would never get them in.
Wondering if a service you use supports 2FA or not? Well, check out this nifty website: https://twofactorauth.org/