There's a lot of talk about people being hacked, especially on social media. In Sweden, SVT (Swedish PBS) even made a series about it called Dold (Hidden). They had some good advice about passwords - like don't use the same everywhere. They also had some questionable ones - like change passwords often.
However, they missed out on telling their viewers about the most important measure: activate two-factor authorization. Two-factor authorization (2FA for short) means requiring a one-time code on a separate device, usually your mobile phone, when you log in to a site or a service. Some sites use their own app for the one-time code (like Facebook), some use Google Authenticator (like Google themselves and Github) and some just use a regular SMS.
What's the benefit of 2FA? With 2FA activated no-one can log in to your Facebook account on a computer without also having your mobile phone. It doesn't protect you against someone stealing your mobile, but that's not how people's social media accounts get hacked. They get hacked by tricking people to input their password in the wrong place or when they use the same passwords on many sites and on of those get hacked and passwords leaked. Even with your password, a remote hacker from somewhere in the world can't log in to your account without the one-time code.
2FA sounds like a big hassle to use... Not really. Most sites only require the one-time code the first time you are logging in from a new device.
So what sites support 2FA? Well, a lot of them, especially the big ones. Some examples:
- Apple and iCloud
- Google and Gmail
- Office 365
- Instagram (not available for all users yet)
How do I activate 2FA? Here are tutorials for a lot of popular sites and services: https://www.turnon2fa.com/tutorials/
If I activate 2FA, am I safe? You are a lot safer. A lot. But no system is 100% failsafe. There are other ways of being hacked, especially since hack is such a fuzzy word. Another way of being hacked on social media is giving shady apps access to your accounts. That way hackers can read your private data and send messages and make posts as your profile. So when you've activated 2FA, please look through all of your connected apps on Facebook, Twitter etc. and remove anything you don't recognize and trust.