Two-Factor Authentication Makes You Harder to Hack


Two-factor authentication adds an extra layer of security to your account. The extra step helps to ensure that you are the only person who can access your account, even if someone else knows your password.

Authentication that requires only a username and password is single-factor authentication. Two-factor authentication requires a username, a password, and a second factor like a text message or code generator app. Once enabled, signing in to your account will work a little differently. You will enter your password as usual, then you will be asked for a verification code that will be sent to you via text, email, or even a recorded phone call.
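What that two-step sign-in looks like from the service's side when the second factor is a code generator app, as an added sketch that is not code from Google, Apple, Yahoo or Microsoft. It assumes the standard time-based one-time password scheme (RFC 6238); the account, password, salt and shared secret are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each generated code stays current


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238, HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", max(0, unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash; the service never stores the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(password: str, salt: bytes, totp_secret: bytes) -> dict:
    return {
        "salt": salt,
        "password_hash": hash_password(password, salt),
        "totp_secret": totp_secret,  # shared once with the code generator app
    }


def sign_in(account: dict, password: str, code, unix_time: int,
            drift_steps: int = 1) -> bool:
    """Succeed only when BOTH the password and the current code are right."""
    supplied = hash_password(password, account["salt"])
    if not hmac.compare_digest(supplied, account["password_hash"]):
        return False  # factor one failed
    if not code:
        return False  # a known password alone is not enough
    # Accept the neighbouring time steps to tolerate small clock drift.
    # A production verifier would also refuse a code it already accepted.
    for drift in range(-drift_steps, drift_steps + 1):
        expected = totp(account["totp_secret"], unix_time + drift * STEP)
        if hmac.compare_digest(expected.encode(), str(code).encode()):
            return True
    return False


# Constructed demo account (the secret is the RFC 6238 test key).
DEMO = make_account("correct horse", b"constructed-salt", b"12345678901234567890")

if __name__ == "__main__":
    now = 59
    print("password only:      ", sign_in(DEMO, "correct horse", None, now))
    print("password + code:    ", sign_in(DEMO, "correct horse", totp(DEMO["totp_secret"], now), now))
    print("code two minutes old:", sign_in(DEMO, "correct horse", "287082", now + 120))
```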

ATTENTION: After enabling two-factor authentication you will probably see error messages on your devices prompting you to sign in with your password and new authentication code. Some services even require a special app password generated during the two-factor process for things like email clients or third-party calendar apps.


  1. Sign in to your Gmail account online.
  2. Click on your picture or avatar in the upper right corner of the page.
  3. Click My Account.
  4. Under the Sign-in & security heading, click Signing in to Google.
  5. Under Password & sign-in method, click 2-Step Verification.
  6. Click the Get Started button in the lower right corner of the page.
  7. You’ll be asked to sign in again.  Enter your password to continue.
  8. Enter a cell phone number and choose how you would like to get codes.  Text is the most common but you can request a phone call.
  9. Enter the code you get from Google.
  10. If it worked, you’ll see a message on the screen that says, It worked!
  11. Click the TURN ON link to enable.

Feeling lost? Try these instructions straight from Google.

If your app requires an app-specific password after enabling two-factor authentication, follow these instructions on Google's website.


*For your security, two-factor authentication can only be enabled from one of your devices.

On your iPhone, iPad, or iPod touch with iOS 9 or later

  1. Go to Settings > iCloud.
  2. Sign in if necessary, then tap on your Apple ID.
  3. Tap Password & Security.
  4. Tap Turn On Two-Factor Authentication.

On your Mac with OS X El Capitan or later

  1. Go to System Preferences > iCloud.
  2. Sign in if necessary, then click Account Details.
  3. Click Security.
  4. Click Turn On Two-Factor Authentication.

A device passcode is required to turn on two-factor authentication.

Please be sure to add a trusted family member as a secondary text message backup key recipient.

Feeling lost? Try these instructions straight from Apple.

If your app requires an app-specific password after enabling two-factor authentication, follow these instructions on Apple's website.

  1. Sign in to your Yahoo Account info page.
  2. Click Account Security.
  3. Next to Two-step verification, click the On/Off icon in the two-step verification process.
  4. Enter your mobile number.
  5. Click Send SMS to receive a text message with a code or Call me to receive a phone call.
  6. Enter the verification code, then click Verify.
  7. The next window refers to the use of apps like iOS Mail or Outlook. Click Create app password to reconnect your apps. See the section below for more info:

Using two-step verification with apps

Some apps (like iOS Mail, Android Mail, Outlook, and Yahoo messenger for PC) require a specific password to connect that app with Yahoo. If you enable two-step verification, you'll need to create a third-party app password to use in apps like these.

Generate an app password from a desktop browser

Before you can generate an app password, you must either turn on two-step verification or enable Yahoo Account Key.

  1. On a desktop computer, sign in to Yahoo Mail.
  2. Mouse over your name.
  3. Click Account Info.
  4. Click Account security.
  5. Click Generate app password or Manage app passwords.
  6. Select your app from the drop-down menu and click Generate.
  7. Follow the instructions below the password.
  8. Click Done.

Feeling lost? Try these instructions straight from Yahoo.

If your app requires an app-specific password after enabling two-factor authentication, follow these instructions on Yahoo's website.

  1. Sign in to your account.
  2. Click your name in the top-right corner, and click Account settings.
  3. Click the Set up two-step verification link.
  4. Click Next.

Feeling lost? Try these instructions straight from Microsoft.

If your app requires an app-specific password after enabling two-factor authentication, follow these instructions on Microsoft's website.

Two iPhone Security Tips

Your iPhone is an especially vulnerable device. It contains heaps of personal and company data, it roams from wifi to wifi, and it is small, which makes it easy to lose (or steal). Yes, it is unlikely that there are people out to get you, but it is certain that there are people out to get whomever they can. You do not lock your door to keep out assassins, you lock your door to keep out opportunists. These are two things you can do to make your iPhone and yourself more difficult targets.


Certificate issue


Security Certificates

Security certificates are a way for your phone to verify that a server responding to a certain domain name is authorized by the owner of that domain. When your phone alerts you to a certificate issue, it is trying to tell you that the server your phone is connecting to is not passing this verification process. This alert is the iPhone equivalent of "Stranger Danger!"

It is within the skill set of a thirteen-year-old to construct a wifi network that will pretend to be any email server your phone tries to reach and collect a list of the servers, email addresses, and passwords that your phone passes to it. Fortunately, your phone attempts to verify the identity of the server before it attempts authentication. This gives us a chance to deny the bored thirteen-year-old hacker access to your email.

If you see an error like the "Cannot Verify Server Identity" notification above, please click "Cancel."
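The same verify-before-you-authenticate order in a mail client, as an added example that is not Apple's code. It uses Python's standard `ssl` and `imaplib` modules; the function names and the `ServerIdentityError` class are hypothetical, and the host, user and password are whatever the caller supplies.

```python
import imaplib
import socket
import ssl


class ServerIdentityError(Exception):
    """The server could not prove it is the host we asked for."""


def strict_tls_context() -> ssl.SSLContext:
    # create_default_context() loads the system trust store and turns on
    # both certificate-chain validation and hostname matching.
    context = ssl.create_default_context()
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    return context


def check_server_identity(host: str, port: int = 993, timeout: float = 5.0):
    """TLS handshake only. Returns (ok, detail); no credentials are sent."""
    context = strict_tls_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, certificate for another name, expired, and so on.
        return False, f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        return False, f"no verified connection: {exc}"


def open_mailbox(host: str, user: str, password: str, port: int = 993):
    """Log in over IMAPS; the password leaves only after verification."""
    try:
        # Pass the strict context explicitly instead of relying on a default.
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=strict_tls_context())
    except ssl.SSLCertVerificationError as exc:
        # The code equivalent of tapping "Cancel": stop, send nothing.
        raise ServerIdentityError(f"{host}: {exc.verify_message}") from exc
    conn.login(user, password)  # reached only with a verified server
    return conn
```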

This Phone will Self-Destruct

OK, not really destruct, but self-erase. This setting will restrict the ability of someone who finds or steals your phone to gain access to your data. Consider the damage such access could do. Not only would such a person be able to read and copy all of your emails, notes, contacts, and photos, that person could very effectively pretend to be you to all of your contacts. This setting, found at the bottom of Settings > Touch ID & Passcode, configures your iPhone to erase itself after ten unsuccessful unlock attempts. You may remember a dispute between Apple and the FBI. This setting was involved.

With the Erase Data setting enabled, I cannot recommend strongly enough that you make regular or automatic backups through iTunes or iCloud. Also, you must enable a passcode, but I almost thought that suggesting a passcode could go without saying. Almost.

Back up your phone, then set it to erase itself if someone tries to break in.

Feedwire Security Axioms

  1. Security and convenience are on a continuum.
  2. People say that they want security but act like they want convenience.
  3. Security is something you must do, not something you can buy.

Thanks to Joshua Belsky for number three.

OS X El Capitan Upgrade Warnings

Apple generates a lot of buzz and excitement for new operating system releases, but adopting early can have negative side-effects. In general, we recommend people wait a few weeks to upgrade any software so that we can let other people have and solve problems for us. We do not earn points for putting out fires that we set ourselves.

Most software vendors have prepared their software for compatibility with the new operating system, but not all. So far, we have seen incompatibilities between OS X El Capitan and the following software, and these are just the known knowns:

Microsoft Outlook 2011

After upgrading to OS X El Capitan, many users are unable to retrieve new email via Microsoft Outlook 2011. Outlook freezes and stops responding. Microsoft has released a patch to address this issue. The Microsoft patch is available here. Feedwire recommends updating Office 2011 before upgrading to OS X El Capitan.

Microsoft Office 2016

After upgrading to OS X El Capitan, many Microsoft Office 2016 users are experiencing frequent and seemingly random crashes in all Office 2016 applications. This issue has been acknowledged by both Microsoft and Apple, and fixed as of 10.11.1.

Dell SonicWall NetExtender VPN 

After upgrading to OS X El Capitan, NetExtender users are unable to connect to remote networks. Neither Dell nor Apple has acknowledged the issue or recommended a remediation. Feedwire recommends that Dell SonicWall NetExtender users refrain from upgrading to OS X El Capitan until further notice. Feel free to email us with any questions about upgrading.

Printer Drivers

Some Canon printer drivers will not install on OS X El Capitan. Canon has not yet published a list of compatible or incompatible printers and has not yet published updated drivers.

Printer drivers in general are problematic. Check with your printer manufacturer and with Apple for availability before upgrading. Apple publishes a printer driver list, available here, but it has not been updated since the launch of OS X El Capitan.

Don't Panic

If you have already upgraded to OS X El Capitan and you are experiencing problems with these or any other software, we are here to help. Feel free to get in touch via our help page or to email [email protected].

We will keep this article up to date as news comes in. Hopefully, all of these issues will be resolved within a few weeks of OS X El Capitan's launch.

Email Phishing and Social Engineering

You are [email protected]. You receive an email from [email protected] asking you to please transfer $1.83MM to bank account 9900000005 routing 321174851 and to code it to "Operating Materials and Supplies Held for Use" for the Contoso project. This makes you suspicious, so you reply, and ask, "Are you sure you need this today?" The response comes quickly, "Yes, we need this to transfer today." You head down to accounting and have them make the transfer post haste, because you want the president to see how efficient you can be and how useful you are in a pinch.

Be Aware of the Problem

Sorry bub, you and your company are now victims of fraud and you are the heel. This fraud happened without any email accounts being compromised or passwords stolen. What happened? In this case, it turns out that and are not the same domain. The president has his name and picture on the company website, so do you. A little googling for "" reveals the standard format for email addresses. A little more googling reveals that your company is engaged in a big project with Contoso. "Operating Materials and Supplies Held for Use" is a reasonable general ledger code. All of this together constitutes a social engineering attack. This may sound far-fetched, but the FBI  tabulated more than 2,000 instances of this type of crime with losses totaling more than $200MM in 2014.
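A mail-filter check for the "not the same domain" trick described above, as an added example that is not Feedwire's code. The domains, names and From: headers are constructed, the function names are hypothetical, and the confusables table is a small illustrative subset.

```python
from email.utils import parseaddr

# Constructed example: the one domain this organisation really sends from.
TRUSTED_DOMAINS = ("fabrikam-parts.example",)

# Character sequences that read alike at a glance (illustrative subset).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))


def skeleton(domain: str) -> str:
    """Fold visually similar sequences to one canonical spelling."""
    folded = domain.lower()
    for seen, canonical in CONFUSABLES:
        folded = folded.replace(seen, canonical)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Inserts, deletes, substitutions and adjacent swaps between a and b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 1):
    """Return (verdict, trusted domain it matches or imitates, or None)."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return "unparseable", None
    domain = address.rpartition("@")[2].lower().rstrip(".")
    for good in trusted:
        # An exact match is not proof of authenticity; header forgery is a
        # separate check (SPF/DKIM/DMARC).
        if domain == good or domain.endswith("." + good):
            return "internal", good
    for good in trusted:
        if (skeleton(domain) == skeleton(good)
                or edit_distance(domain, good) <= max_distance
                or domain.startswith(good + ".")):
            return "lookalike", good
    return "external", None


# Constructed From: headers, one per case.
SAMPLES = [
    "Pat Lee <pat.lee@fabrikam-parts.example>",
    "Pat Lee <pat.lee@fabrikarn-parts.example>",
    "Pat Lee <pat.lee@fabrikam-part.example>",
    "Pat Lee <pat.lee@fabrikam-parts.example.mail-relay.test>",
    "Billing <billing@contoso-supplies.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

A "lookalike" verdict is a prompt to verify the request by another channel before acting on it, not a replacement for that verification.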

Wire transfer requests are not the only payloads for this type of compromise. An impersonated executive might ask her assistant for a "forgotten" password. An impersonated husband might ask his wife for the kids' social security numbers. The impersonated head of the social media team might ask for all of the social media account credentials. The impersonated head of casting might ask for copies of background checks. An impersonated clinical researcher might ask his boss for a patient's medical information. The possibilities are endless and hackers are patient.

What can we do about this? We have to be aware of the problem, understand a little bit about email, and act like we want to protect ourselves from these attacks.

A Little Bit About Email

Email is about as secure as paper mail:

  • It can be read in transit.
  • It can be forged.
  • It can be intercepted.
  • It can be stolen before delivery.
  • It can be stolen after delivery.
  • It can be copied without your knowledge.
  • It can be intentionally destroyed.
  • It can be unintentionally destroyed. 
  • It can be mis-delivered.
  • It can be misaddressed.
  • Its authenticity is not easy to verify.

People treat email as if none of those things are true. People ignore the realities of email security because of ignorance. People also ignore the realities of email security because email is incredibly convenient, and because security is inherently inconvenient.

Act Like we Want to Protect Ourselves

Giving up convenience is hard, but we do not have to be extreme about it. We do not want to become impossible to defraud, we just want to be harder to defraud than most other people and companies. We do not have to outrun the bear. We can ease the inconvenience burden by spreading it across multiple domains, political, cultural, and technological.

In our example case, you would have been saved if you had taken the time and inconvenience to call your president to verify the transfer. You would have gone from heel to hero. Unfortunately, if your company is like most, taking the time to voice-verify the request had the request been legitimate would have been met with impatience or anger. The politics of the office have to change to permit security. The change must be company-wide and be top-down, a choice to mitigate some risk by sacrificing some convenience.

Culturally, we want to foster security and awareness. We can use the same types of tools that we use for safety. Written procedures and occasional drills can improve security policy compliance and weed out bottlenecks. Regular security newsletters and meetings can help staff keep security at the front of their minds, or at least near the front. The hackers who succeed are asking us to do things that we already do or things that are not very unlike what we already do, and so seem innocuous. A small change in procedure, habit, or vigilance can shift this balance in our favor.

Yes, there are ways technology can help. People make the mistake of turning to technology first, mostly because it is something that can be bought, not something that one must do. Without people being aware of the problem and accepting a political and cultural change, new or enhanced technology will not help improve security. People can and will bypass security technologies to avoid inconvenience. Consider a propped-open back door. The same sorts of things happen to security technologies if people do not buy into and understand the justification behind the inconvenience that the security technology creates.

What is Next

Call us. Duh.

Feedwire can help improve your personal or corporate security posture and help you protect yourself from this and other attacks and exploits. We can help with culture, policy, and technology.

Cable Management

Eliav abhors messy cables, so he spent his Saturday cleaning up a new client's rack.

Tidy cables decrease troubleshooting times and patch-related errors. If your cables are a rat's nest, let us send Eliav in to help.

Do Not Pay WebsiteBackup Invoices

Today we started getting reports of a new fraudulent invoice scam. These invoices come from a company called "WebsiteBackup" and look legitimate. They are not valid invoices and you should not pay them. This image is a sample.


The scammers seem to be targeting domain owners. Unlike other scams with similar targets, this does not seem to threaten your ownership of the domain. If you've already sent a check or attempted to pay, please contact your bank.

If you ever have doubts about the legitimacy of an invoice or email having to do with technology, please do not hesitate to run it by us. I would rather answer fifty emails about an invoice than go through one stolen domain recovery.

The $500 Computer

There is a strong correlation between a new computer's initial cost and its performance characteristics. This performance is mostly or completely fixed over the life of a computer. Some components are upgradeable, but laptop processors are soldered to the motherboard. Some manufacturers (Apple) now sell laptops with fixed RAM and storage as well.

The minimum performance characteristics that software developers, engineers, and programmers (the world) expect computers to have increase over time. When you get a new computer, there is usually some margin between its performance characteristics and what the world expects. As time goes on, this margin closes and your computer seems slow. Eventually, the world's minimum expectation exceeds your computer's capabilities and your computer becomes garbage. The technique employed by computer manufacturers to drop the price of a laptop to the $500 point is to use components with less capable performance characteristics. These computers ship with a slim margin between their maximum capabilities and the world's minimums. They are slow to start and quickly become garbage.

Ballpark figures

$1500-$2500 computer will not be garbage for about 4 - 5 years
$1000 computer is good for about 3 years
$500 computer is practically garbage when you buy it

The $1000 computer seems to have the lowest cost per year of useful life


Digging Deeper

Computers also have replacement barriers. It takes time / money / attention / effort (let's use money for our units) to move all of your data from an old computer to a new computer. Let's call that about $300. Over 15 years, if you're buying $2,500 computers and getting 5 years out of them, you go through 3 computers and spend a total of $8,400 on hardware and overcoming replacement barriers. The total cost of the $1,500 computers that last 3 years is $9,000. The $500 laptops that you want to throw out a window every year (because they are garbage) cost $12,000 over 15 years.

So "splurge" on a new computer because it's really saving!

Looking for A Few Good Nerds

Feedwire is growing. We are increasing our capacity to provide kick-ass IT support to you. In order to do so, we need more real live genuine Nerds on our staff. Finding qualified staff has been a challenge for us, and we could really use your help. Zach and Chris are a tough act to follow, but we have total confidence that with your assistance, we can succeed.

We’re looking for the fourth Beatle, the geek d’Artagnan, a master of all trades nerdy. Do you know anyone who might be a good match for our team? Can you refer them to us? Here’s a job description for you to share with your favorite future Feedwire Nerd. You can also click here to forward this very note to them.

Feedwire is a Los Angeles based IT consulting firm. We work to fill the three roles of IT in business today: Data protection and risk mitigation, enhancement and optimization of employee efficiency, and the support of business goals through intelligent technology choices and implementations. We fill these roles while maintaining the belief that technology can be magical, that Nerds don’t have to be nerdy, and that human skills are just as important as computer skills.

Our customers vary in size from residences and sole proprietorships to hundred-million-dollar companies. Their industries span entertainment, law, finance, retail, manufacturing, and more. We even work for some guys who wear mustaches and carry guns. They run mostly on MacOS and iOS with a smattering of Windows, Linux, Android, and Blackberry.

We are looking for a few good Nerds. In a single day, our staff members may be asked to wear many hats: CTO, Accountant, Suicide Hotline Operator, IT Manager, Tier 3 Tech Support, Network Engineer, DBA, Webmaster, and friend. Each role needs to be handled expertly. We find joy in solving problems and take pride in our attention to detail, all the while saving money, time, and grief for our customers.

Are you an IT Nerd rockstar? Are you amazing with Mac OS and terrific with Windows? Do you have a passion for technology? Are you the scientifically improbable love child of Doc Brown, MacGyver, Dr Who, Doogie Howser, and Chuck Norris? Join us! Fill out our application and take the test here:

If you refer a candidate that we hire, the entire Feedwire staff will take you out on the town for dinner and drinks, and if you’re lucky, dancing and karaoke. If you prefer, we can provide a few hours of IT support to you, on the house.

Henry Ford

If you need a machine and don’t buy it, then you will ultimately find that you have paid for it, but don’t have it.

It’s good advice. Perform a basic cost-benefit analysis: consider how much your time is worth, and multiply it by the amount of time the machine will help you save over its lifespan. Is that number greater than or less than the cost of the machine?

Ask a Nerd in Vegas

It’s been a busy month for this nerd. Feedwire traveled along with Profiles Television on their Escape Routes project. We designed and implemented a portable managed network to ensure their video streaming traffic priority over all other traffic on the production network. Malibu, New York, Atlanta, Miami, San Francisco, and finally, Las Vegas. The project was a win-win—it was both fun and successful. Now our portable managed network is available for rent, so if you’ve got a production office to set up and need some rock-solid managed network gear, get in touch with us.

I’m on my way back to LA, but I’ll be taking questions all day. Hit this nerd up via comments and receive answers to your questions. Any realm of knowledge is fair game. Nothing is off limits. Ask away!

Ask a Nerd in the City

Los Angeles is a fine city, but today I’m writing from THE City. New York City, where they know nothing about the taste of picante sauce, but plenty about the taste of pizza. I’m here providing IT support for Escape Routes, but that’s not all I’m up to. I’m also here to answer your questions.

Come one, come all. Submit your questions and behold the answers. Ask any question from any realm of knowledge. No subject is taboo, no question is sacred. I will beam your answers through the clouds.

Post questions to comments.

Mobile Me: The End is Nigh

Apple is killing Mobile Me. If you’re currently using Mobile Me to sync contacts and calendars with your iPhone or between computers, to collaborate with others, or to publish content, you have only a few weeks left (June 30) to transition to another service. Do not dilly-dally.

Alternative services are out there. iCloud is the most obvious candidate, but depending on how you use Mobile Me we can investigate Google, Google Apps, or Exchange as possible replacements. Your friendly neighborhood Feedwire has successfully transitioned individuals and businesses from Mobile Me to each of those replacements.

This is a pain in the ass, but in spite of Rorschach’s fear, it’s not the end of the world. We’re here to make this change as easy as possible for you, your family, and your coworkers. Drop us a line and let’s get your data switched before Apple pulls the plug.

We're Ready to Answer You

Are you troubled by strange questions in the middle of the night? Do you experience feelings of confusion while thinking about things you wish you knew? Have you or any member of your family ever let a question go unanswered? If the answer is, “Yes,” then don’t wait another minute. Post your question to the comments and ask the professionals. Feedwire! Our courteous and efficient staff is on call for 24 hours today to serve all your curiosity satisfaction needs. We’re ready to answer you!

No realm of knowledge is off-limits. All questions will be answered. Ask away!

Ask a Nerd about an Acronym

Today is a glorious day! Today, Ask A Nerd Day and No Acronym Thursday are coincident. In honor of this, I’d like to see questions regarding acronyms. We will decompress any and all acronyms. No realm of knowledge is safe from our understanding. Post any questions, but especially questions about acronyms, backronyms, initialisms, and abbreviations to the comments and you will get an answer from one of our Nerds. Asking? Ask on!

Ask a Nerd de los Muertos

We nerds are not afraid of the dead. In fact, we welcome any questions the dead might have for us today. Living participants are welcome too. Ask any question about anything in (or under) the world, and we will answer. Post questions to comments. Get asking!

Ask a Nerd at a Wedding

Feedwire friends John and Lindsay are getting hitched today. Congratulations to them! What better day than today to have your questions answered? All realms of knowledge are fair game - post questions to comments.

Introducing the Feedwire IT Budget Calculator

We have created a new tool for our friends to use, strangers too. We’ve consolidated our experience and expertise into a sophisticated automaton that asks you a few questions about your business and replies with a detailed breakdown of how you should plan your yearly IT budget. Neat, eh? Check it out here: Would you like to know more? Read on!

Ten Grand!

We started using Zendesk to manage our tasks and trouble tickets in 2008. We started with ticket #1. We are now above nine thousand, on our way to 10k. To celebrate our progress, and because we like numbers, we’ve got a prize lined up for whoever is lucky enough to submit ticket 10,000. It’s both a surprise and a prize. A prize surprise. Keep sending us your problems and we’ll keep solving them.

Another Day, Ask Another Nerd

Today is your chance to learn the answers to your questions. Technology is our forté, but all questions are within bounds. We’re even prepared to answer the question of life, the universe, and everything if you’re prepared to formulate it!

Example questions, to get you started:


  • Why is he climbing the mountain?
  • Who set us up the bomb?
  • What’s that blue thing doing here?
  • Who took my frog? Who found my frog?
  • How do magnets work?
  • What’s the difference between a nautical mile and a statute mile?


Whatever your question’s topic: natural philosophy, sports, mathematics, art history, design, astrology, economics, literature, linguistics, alchemy, or general trivia - we are ready, willing, and excited to answer.

Post questions from any realm of knowledge to comments.