What's the Deal with Two-Step Verification?

It seems that we can’t go a week without hearing about some new security breach involving tens of thousands or even millions of passwords. That’s why it’s essential that you use strong passwords of random characters (and manage them in a full-featured password manager like 1Password or LastPass or, for a more basic approach, iCloud Keychain). But many major Internet companies like Apple, Google, Facebook, and Dropbox offer an option for a higher level of security, called two-step verification.

With a normal account, a bad guy has to get only one thing—your password—to break in. With an account that’s protected by two-step verification, however, breaking in becomes far more difficult. That’s because logging in requires both your normal password and a time-limited one-time password that is generated by a special authentication app or sent to you in an SMS text message or via email. What’s important about these secondary passwords is that they’re valid only for a short time and they can be used only once. You have to enter these secondary passwords only the first time that you log in on a particular device or in a particular Web browser, so they are just an occasional extra step, not a daily inconvenience.

Sites that offer two-step verification will provide setup and usage instructions, but the basics are as follows. You’ll enable two-step verification in the account settings, and then tell the site how you’ll get the one-time password when you want to log in, generally providing your phone number or email address. For services that use an authentication app like Google Authenticator, Authy, or 1Password, you’ll have to scan a QR code on screen or enter a secret key—either way, that seeds the app with a value that enables it to generate a valid one-time password every 30 seconds. Make sure to record any backup codes the site provides; they’re essential if you lose access to your phone or your email.

When it comes time to log in to a service protected by two-step verification, you’ll enter your username and password as you normally would. Then, you’ll be prompted for a one-time password, and the service will either send you one via SMS or email, or require you to look it up in your authenticator app. Since a bad guy who might have obtained your normal password would also have to intercept your text or email messages, or have stolen your mobile phone (and be able to get past its passcode), you’re far, far safer.
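To show how an authenticator app and the site derive the same one-time password from the secret key, and how the site can enforce "short-lived and used only once", here is an added example that is not part of the original article. It uses the standard TOTP algorithm (RFC 6238) with that RFC's published test key; the `Verifier` class, its names, and the one-step clock-drift allowance are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds each one-time password stays current
DIGITS = 6    # length of the code shown in the app

# RFC 6238 test key ("12345678901234567890") in the base32 form a QR code carries.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, at: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the RFC 6238 (HMAC-SHA1) code for Unix time `at`."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)                      # restore stripped base32 padding
    key = base64.b32decode(s)
    counter = struct.pack(">Q", at // step)       # number of 30 s steps since epoch
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server side: accept a code once, within +/- `drift` steps."""

    def __init__(self, secret_b32: str, drift: int = 1):
        self.secret = secret_b32
        self.drift = drift
        self.last_used = -1                       # highest time step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        for step_no in range(current - self.drift, current + self.drift + 1):
            if step_no <= self.last_used:
                continue                          # already used (or before epoch): replay
            expected = totp(self.secret, step_no * STEP)
            if hmac.compare_digest(expected, code):   # constant-time comparison
                self.last_used = step_no
                return True
        return False


def demo():
    """First use succeeds; the same code replayed or presented late is refused."""
    site = Verifier(SECRET)
    code = totp(SECRET, 59)                       # what the phone would display
    return code, site.verify(code, 59), site.verify(code, 59), site.verify(code, 59 + 120)


if __name__ == "__main__":
    print(demo())
```
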

Most sites that use two-step verification don’t require that you enter a one-time password on every login, since that would be overkill. It’s also unnecessary to enable two-step verification for every account you might have—there isn’t much liability to someone logging in to your New York Times account since they couldn’t do anything diabolical once in. For more-important accounts—email, social media, cloud services, banking—you absolutely should use two-step verification for added protection so a bad guy can’t impersonate you to your friends, receive email-based password resets for other sites, or access your most important data.

You may also hear the term two-factor authentication, which is even more secure than two-step verification when implemented correctly. That’s because two-factor authentication combines something you know (your password) with something you have (such as a secure token keyfob that generates time-limited one-time passwords) or something that’s true of you (biometric info like a fingerprint or iris scan). It might seem like using your iPhone to get a text message or run an authenticator app qualifies, but if you end up doing everything on a single device that could be compromised, it’s not true two-factor authentication.

Regardless of the terminology, going beyond a single password, no matter how strong, significantly increases your security, and you would be well served to employ such a security technology for your most important accounts. To learn more about why strong passwords are necessary, using password managers, and even more details behind two-step verification and two-factor authentication, check out Take Control of Your Passwords.

Security Alert: Backdoor iWorm

Hello, Mac users. MacExperience wants to keep everyone informed and updated on the latest Mac OS security issues.

Most Mac computer users know malware is less common on Macs than on Windows. Even though Apple provides built-in security such as GateKeeper and File Quarantine, Mac users should not take their OS X security for granted.

Macs aren’t immune to malware. Recently, there have been many cases of malware, such as Genieo, infecting Mac computers. Additionally, a new piece of Mac malware called Mac.Backdoor.iWorm is making the rounds, infecting Mac computers so they can be used in botnets.

Therefore, MacExperience recommends some steps you can take to improve your security on Mac computers. Here are some easy ways you can improve your Mac security.

1. Keep your OS X software updated with the latest patches and OS software updates.

2. Set GateKeeper to only run digitally signed apps from the Mac App Store. This setting is in System Preferences under Security & Privacy.

3. Run anti-virus/anti-malware software on your Macs.

Mac computers have become very popular. As a result, more malicious code is being written to take advantage of unprotected computers.

4. Limit the use of Administrator accounts

Allow only necessary admin accounts to install and modify system settings. Don’t share administrator names and passwords. Log out when you leave your Mac so unauthorized people don’t use your Mac with administrator privileges. Require a password to wake your Mac from sleep or screen saver.

Contact MacExperience

For more information on Mac security solutions for your home or business, contact us. MacExperience offers solutions to protect your personal or business assets.


Other recent OS X security news:

Also in the news was the known security issue regarding the Bash exploit. The OS X bash update can be found directly at

More on GateKeeper:

*** UPDATE: Oct. 7th *** Apple has added the new iWorm definitions to detect this malware.

Mobile Security: Apple vs. Android

As your smartphone becomes a bigger part of your life -- from holding your banking information to pictures of your kids -- the need for mobile security is increasingly important. So far, there have been very few effective mobile viruses, especially when compared to the number we see on personal computers. But as more people ditch their desktops and even laptops in favor of tablets and smartphones, the attention of those wishing to hack your device will shift, too.

So who wins in the battle of mobile security? Quite simply, Apple beats Android.

Let’s take a look at why, though.

It all comes down to control. Apple regulates what apps make it to the App Store, which means that all apps are screened for security, both by making sure there isn’t malicious code lurking in the app itself and that the security features of otherwise trusted apps protect your information.

Android, on the other hand, has an unregulated application marketplace, which means more malware will be available for you to unknowingly download. In fact, 75 percent of all malware for smartphones targets Android-based devices.

As this great infographic found on Mashable (from Ladbrokes Games) points out, no malware has ever infected an iPhone, and in the history of the App Store, only one spam app made it through Apple’s screening, and it was quickly removed.

Another reason for the iPhone’s better security is simple logistics. The Android platform is offered on a variety of different phones, while the iPhone is Apple’s only smartphone in the market. That means their attention is laser focused on keeping one device secure and not on protecting a collection of different phones.

Additionally, Apple now offers a remote wipe with the Find My iPhone app. That means that if your phone is lost or stolen, you can track its location and even wipe it clean from another computer.

So if security is what you are looking for in a mobile device, we at The MacExperience stand by Apple.

Taking Home Security to the Macs

There are plenty of reasons people want to install security cameras in their home or business, but they all revolve around safety and peace of mind (and maybe the hope of catching some paranormal shenanigans). The MacExperience sells you the latest and greatest Apple products, but we also know how to maximize their capabilities to meet your home security needs. For instance, did you know you can view your cameras online on your iPhone, on your iPad or in your Web browser?

This means you can keep a real-time eye on your house during vacation, check on the kids who get home from school before you get home from work or even provide evidence of a break-in to police. Cameras can be wireless or wired, and most Macs (anything newer than a G4) can serve as your DVR.

Above all else, security cameras serve as a deterrent to crime. Knowing they're being watched and that you take home security seriously is a good sign that any would-be robber should move along.

You can learn more about Mac-based home security systems, including costs of hardware and installation, in the video below.

Contact us today to find out more.

College Kids, Keep Your Apple Gear Safe

It’s a fact: College campuses provide many opportunities for some thief to snag your electronics. You are always moving between classes, working on group projects, leaving your computer out in the library while you go grab coffee and more. Now there are funny stories involving stolen MacBooks, like This Guy Has My MacBook, but most stories just end with infuriated people wishing they had backed up their files while they start saving money for a new laptop.

After all, according to an FBI study, 97 percent of stolen laptops are never recovered.

Now most people aren’t going to try and grab your MacBook, iPhone, iPad or headphones, but it’s naive to think it couldn’t happen to you.

Always Take Your Stuff With You

Even if you’re just going away for a second, never leave your Apple devices lying around, particularly your iPad or iPhone, as they can easily be grabbed and stored without anyone noticing.

Lock It Down

MacBooks come with a specifically designed cable hole so you can lock your computer to your desk or other large/stationary object. Surprisingly, many people still don’t use the simplest and most effective way to prevent theft. You don’t have to lock it down every time you sit down in class, but if you’re in the library or working at a coffeehouse, then there is no reason you shouldn’t have it secured.

Get a Comfortable Bag and Keep It Secure

If you have a bag that feels good on your shoulder, stores all of your gear, and of course looks amazing, you’ll be more likely to get in the good habit of taking it with you.

Form good habits when taking your bag to class, the library or when out during lunch. Keep it where you can see it, and if you put it on the ground, stick the leg of your chair through the shoulder sling. You’d be surprised how easy it is for someone to slide your bag over to them when you’re distracted by friends or a lecture, especially in large auditorium classes that freshmen at IU, Purdue and Ball State know all too well.

It’s also a good idea to get a bag with some built-in impact protection as drops and bumps are going to happen when you’re lugging it across campus every day.

Backup, Backup, Backup!

We’ve covered how simple it is to use Time Machine earlier, so if you aren’t backing up your files regularly, now is the time to start. It’s surprisingly simple. And if you do get your MacBook stolen, at least you won’t lose your pictures, movies, documents and programs.

Keep your Apple gear safe the same way you would any other possession. You wouldn’t assume the person next to you wouldn’t steal your wallet or purse if you left for a minute, so why would you take the chance with a device that holds more personal information and is as valuable to a thief as a stack of hundred dollar bills?

For more security questions, like data backup, data encryption and utilizing the cloud for finding a lost or stolen Apple product, talk to The MacExperience today.

How To Set Up Time Machine

Backing up your computer files is like exercising; it’s something that everyone knows they should do, but few take the time to actually do it. But Apple has made backing up your files as simple as possible with Time Machine. Time Machine keeps hourly backups for 24 hours, daily backups for a month and weekly backups until your drive is full. OS X Lion and Mountain Lion also give you the ability to encrypt your backup files for added security. Time Machine will automatically back up:

  • System files
  • Applications
  • Preferences
  • Music
  • Photos
  • Movies
  • Documents
  • and more

All you have to do is connect a hard drive, and Apple will guide you through the rest.

You can use either an external hard drive connected with Thunderbolt, USB or FireWire, or a secondary internal hard drive if you have installed one in your machine. Open Time Machine and it will ask if you would like to back up your computer to the new hard drive. Simply click “Use as Backup Disk” and your preferences will open, allowing you to encrypt your files, choose how often you would like Time Machine to back up your system and more.

For more information and directions on manually preparing a disk for Time Machine, visit this Apple Support page.

So how big of an external hard drive will you need? Well, it depends on how much and how often you want to back up. Most people will require between 500GB and 2TB worth of space.

Stop into one of our MacExperience locations and we can answer your backup questions and provide you with the hard drives you need to make sure your music, photos, documents and movies are kept safe.

Why You Should Set Up Find My iPhone Today

Everyone loses his or her iPhone every now and then. Usually it turns up in the car, stuck in the couch cushions or somewhere your inquisitive toddler decided to hide it this week. Most of the time, it is recovered without much worry. But that sinking feeling when you realize you have left it at a restaurant, on the bus or in class is something that happens to thousands of people every day.

That’s why The MacExperience strongly recommends setting up all of your iPhones, iPads, iPods and Macs with the Find My iPhone app.

Once you have the app installed and register your Apple ID on the device, you will be able to see its location on a map and display a custom message on the screen like “Please call (***)***-**** if you find this phone for a reward.”


Additionally, you can have the device beep at full volume for two minutes, even if it is set to silent mode.

As more and more important documents, data and images are saved on your phone, the danger of someone accessing that information increases. That’s why Find My iPhone allows you to lock your iPhone or even wipe all personal data from your phone remotely.

The new iOS 6 installs this app automatically, but you’ll still need to register your Apple ID and an iCloud account.

Install it now, if you haven’t already, and test it to make sure it works. Play the sound, try a custom message and lock the device.

If you have questions about security of your Mac products or want additional backup and protection, the Apple Certified specialists at The MacExperience can answer any questions you may have. Visit one of our four Indiana locations at the Greenwood Park Mall, Bloomington, Downtown Indy by IUPUI or our newest location at Hamilton Town Center.

Meraki for Mac Business Security Solutions

As the wave of wireless access grows, your business infrastructure or organization needs to respond, especially if you provide wireless services to guests on your network. MacExperience is an authorized dealer of Meraki products and services and would be happy to help you maximize your wireless offerings while providing the most efficient and secure use of your business network.

Identify hundreds of applications, from business apps to BitTorrent and YouTube. Prioritize critical apps like VoIP, and limit or block wasteful bandwidth consumption such as P2P file sharing. Apply policies by device type, automatically assigning VLAN tags, traffic shaping rules, bandwidth limits, and firewall policies to iPads and other device types. And user fingerprinting with Google-like search allows administrators to easily identify and control individual users, iPads, Androids, and other devices.

Meraki provides complete out-of-the-box enterprise class security. Segment wireless users, applications, and devices; secure your network from attacks; and enforce the right policies for each class of users. Meraki’s built-in stateful policy firewall, 802.1X/RADIUS support, and native Active Directory integration deliver fine-grained access control, while Meraki’s Guest Access Firewall provides secure, Internet-only guest WiFi in just one click.

With built-in features like Network Access Control (NAC) and Air Marshal, a real-time scanning intrusion prevention system (WIPS), Meraki enables secure wireless environments without complex setup or systems integration. Meraki WLANs are fully HIPAA and PCI compliant.

Contact us to find out how you can receive a free access point or demo test products.