
A software developer’s musings on software development

Computer Security For Non-Geeks

Warning: I wrote this blog in 2012. That is a long time ago, especially on the internet. My opinions may have changed since then. Technological progress may have made this information completely obsolete. Proceed with caution.

A little over a year ago I wrote an article on how to come up with a secure, easy-to-remember password for every site you visit, even if you aren’t a geek. I would recommend you go read that now if you didn’t the first time around.

This is a follow-up post about something very simple that you can do to make your identity much more secure. But this advice is only for GMail users. If you don’t use GMail, you can stop now. Still with me? Okay. As a GMail user, you can enable two-step verification. This means that whenever you sign in to GMail from a new computer, Google will text you a six-digit verification code which you must also enter. This way, even if someone got your email password, they cannot log in to your email without also having your phone. It sounds like it would be a huge pain, but you really only have to go through two-step authentication once a month, which I have found to be not a big deal at all.

I used to think that this was only for really paranoid people, not for me. I don’t have anything all that confidential in my email. I daresay that if the contents of my GMail were posted to Wikileaks tomorrow, I would only be a little embarrassed by what people could read. But then it was explained to me [1] like this:

Your email is the master key to your online identity, everywhere.

Think about it this way: If someone gets access to your email, they have access to everything. For example, say they go to your bank’s website and click the “forgot password” link. Your bank will ask for your email address, then dutifully create a new password for the account associated with that address, then send the new password to that address. Voilà, now they can access your bank account! [2]

  1. I think Jeff Atwood gets credit for this idea.

  2. If you’re lucky, the website has a secret question that they won’t be able to figure out by searching through your email.