We bang on a bit about security at Ausdroid and often repeat the same messages. That’s probably because we know that a lot of users don’t pay a lot of attention. You should be taking the security of your mobile devices very seriously — your entire life is probably in that thing!
If you’re a seasoned Samsung user then you’ve probably got a lot of personal data in your Samsung account and/or Google account. So with the launch of the next Samsung devices only three weeks away, it felt like an opportune time to have a quick refresher on good general security practices and how you can use these with your Samsung account.
A handful of simple steps can protect your account from unauthorised access and you from potential data loss.
What is 2FA?
Two-factor authentication (2FA) adds a second, independent proof of identity after the username and password. The password check happens first; only when it passes is the second factor requested, and there are several ways to deliver it.
By far the most common is SMS. When you sign up, the site records your mobile number and texts you a one-time code each time your username and password are entered correctly.
This is all well and good until you are out of mobile coverage, perhaps overseas, or, increasingly common, an attacker takes over your mobile number (a "SIM swap", where the carrier is talked into moving your number onto the attacker's SIM). Then the codes go to them instead of you, and you lose access to your accounts. SMS codes can also be phished: a fake login page that relays your code to the real site while it is still valid will get in.
There are plenty of options in the authenticator-app space: Google Authenticator, Microsoft Authenticator or Authy, among many others. These suit people who have their phone with them at all times. When you set up 2FA the site presents a QR code; scanning it hands the app a shared secret, and from then on the app generates a fresh six-digit code every 30 seconds from that secret and the current time, with no network or mobile number involved. The flip side is that the secret lives only on that phone, so save the backup or recovery codes the site offers when you enrol.
By far the most secure option is a physical hardware key (a YubiKey is a common choice) linked to your accounts. When you enter your login and password, a prompt appears on screen asking you to plug in or tap the key, which completes the second step with a cryptographic challenge and response. Because that response is bound to the real site's address, a look-alike phishing page cannot reuse it, and there is no code for anyone to intercept.
How to turn on 2FA for your Samsung account
Now I’ll be honest… until I was doing a check through my accounts and security very recently, I didn’t realise that Samsung has 2FA available. So let’s start with the obvious – turn that on!
The process is simple from the web interface: https://account.samsung.com
You will find a security panel in the middle of the screen where you can change your password or activate 2FA. Accept the notification to proceed, then log in to your account again. Just like that, 2FA is set up for your Samsung account.
The setup process is a little more complex via a Samsung Device, but the end result is the same.
- Navigate through the settings on your device to accounts and select your Samsung account
- Under your Samsung account, move through the password and security settings to toggle the two-step verification to “on”
- To proceed further you'll need to authenticate again: fingerprint or password both work
- If you haven't already, you'll need to enter your mobile number and confirm it with a code sent via SMS
It seems a little odd that there is no authenticator-app option presented to me. From what I have read, Samsung does offer one, but that may be because my tablet is a couple of years old, or a regional availability issue. SMS 2FA is significantly more secure than none, so it is well worth enabling.
Let's take a quick look at the first line of defence: passwords and good practices.
The basics of good password practice
To go into depth on good password practice would take a lot of time, plus it would be revisiting posts that Ausdroid and many other sites have done in the past.
Here’s a quick list of dos and don’ts to have a think about.
- Every single password should be unique; this limits the damage when one site is breached, since the leaked password cannot be reused to log in anywhere else
- Use a password manager; it is a small investment to prevent a potentially big loss, and it is what makes unique passwords practical
- If it's available, use two-factor authentication, as covered above
- Use long and strong passwords, avoiding dictionary words and predictable sequences such as names or significant dates. Length is what defeats brute-force guessing: every extra character multiplies the attacker's work, which does far more than swapping a letter for a symbol. A randomly generated password or a multi-word passphrase from your password manager covers both.
- Change your password promptly if a site reports a breach or you see anything odd on the account: a compromise you have not spotted can mean ongoing mining of your private data. Scheduled rotation of an already unique, strong password adds little by comparison.
- It should go without saying, but don't write your passwords down, particularly on a post-it note stuck to your monitor. Anyone who sees it can go exploring through your accounts.
- Don't share your passwords; if an account needs to be shared there is usually a way to add users to it.
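To put numbers on the "long beats clever" point, here is an added example that is not from the original post: it generates passwords and passphrases with Python's secrets module, the cryptographically secure generator a password manager would use rather than the random module, and estimates how long an offline brute-force attack would take at an assumed rate of ten billion guesses per second. The word list, policy names and the guess rate are the example's own assumptions.

```python
"""Why length beats complexity: generate passwords and passphrases with a CSPRNG
and estimate how long an offline brute-force attack would take."""
import math
import secrets
import string

LOWER = string.ascii_lowercase                      # 26 symbols
ALNUM = string.ascii_letters + string.digits        # 62 symbols
PRINTABLE = ALNUM + string.punctuation              # 94 symbols

# Constructed stand-in word list. A real passphrase list such as Diceware has 7776 words.
WORDS = ["correct", "horse", "battery", "staple", "ausdroid", "galaxy", "tablet", "pixel"]


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def expected_crack_seconds(bits: float, guesses_per_second: float) -> float:
    """On average an attacker hits the password after trying half the key space."""
    return (2 ** (bits - 1)) / guesses_per_second


def generate_password(length: int = 20, alphabet: str = PRINTABLE) -> str:
    """secrets.choice draws from the OS CSPRNG; random.choice is predictable and must not be used."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 6, wordlist=WORDS, sep: str = "-") -> str:
    """Each word is one uniformly random draw, so entropy is words * log2(len(wordlist))."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def compare_policies(guesses_per_second: float = 1e10) -> dict:
    """Expected offline-crack time in years for a few policies.
    1e10 guesses/s is an assumed figure for a GPU rig against a fast, unsalted hash."""
    policies = {
        "8 chars, letters+digits": entropy_bits(8, len(ALNUM)),
        "8 chars, full printable": entropy_bits(8, len(PRINTABLE)),
        "16 chars, lowercase only": entropy_bits(16, len(LOWER)),
        "6 Diceware words (7776-word list)": entropy_bits(6, 7776),
    }
    year = 365.25 * 24 * 3600
    return {name: expected_crack_seconds(bits, guesses_per_second) / year
            for name, bits in policies.items()}


if __name__ == "__main__":
    print("password:  ", generate_password())
    print("passphrase:", generate_passphrase())
    for name, years in compare_policies().items():
        print(f"{name:36s} {years:>14.3g} years")
```

The output makes the trade-off concrete: throwing the full symbol set at an 8-character password buys hours to days, while doubling the length to 16 plain lowercase letters moves the estimate to tens of thousands of years at the same guess rate. The estimate assumes the site stores a fast hash; a slow, salted hash such as bcrypt or Argon2 cuts the attacker's rate by orders of magnitude, but you cannot see which a site uses, so plan for the worst case.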
This is just a quick list and by no means comprehensive; if you want to take this further there are plenty of references a quick online search away.