An Important Update

Dear Followers Of This Blog ...

If you did not use a Blogger / Google account when you Followed this blog, years ago, you are probably not Following now . During the past...

Thursday, February 04, 2016

Protect Your Online Life - Prevent Blog Loss

We've been seeing a few queries recently, in Blogger Help Forum: Get Help with an Issue, suggesting very subtle account attacks going on.

Some reports are about accounts locked (and blogs temporarily offline), because of "suspicious" / "unusual" activity. Other reports are sadder - and mention blogs now owned by another person. When we're able to identify the new blog owner, too many look like intentional hackers.

Temporarily offline - or permanently stolen - both are stories that you do not want to tell. Fortunately, both stories can be prevented.

If you know the risks, and you can protect yourself and your Blogger account, you can be simply irritated by the ongoing hacking attempts.

I, personally, am no stranger to semi successful hacking. This blog has been taken offline twice, since Blogger / Google started their hacking mitigation program ("suspicious" / "unusual" account activity detection).

Once the activity takes place, and is detected, your account will be locked, and your blogs taken offline - though you may not see the two conditions as connected. However, if you protect yourself, you can treat an attack as a mere nuisance.

Consider what details are used, by Google, in requesting backup authentication.

When Google requests additional identity details, after you have successfully provided your account name / email address, and your password, they will ask for demographic details such as:
  • Any passwords that you have used previously.
  • What services (such as GMail, Google+, YouTube) have you used - and when did you first use them.
  • How recently did you use a given service.
They appear to request these details randomly, in an effort to keep the hackers guessing.

Observing that these details are sometimes requested, it would make sense to have a 2 part policy.
  1. Don't reveal these details, about yourself, online.
  2. Take a few hours, whenever you have time - research, and record these details so you will have them when they are useful.

If you travel frequently - or if your Internet service makes you appear to move around your immediate neighbourhood - you may need these details sooner than you would expect.

If your Internet service changes, giving you a new email address - or if you change jobs, graduate from school, move and have different / new Internet service - prepare for the change. The first time you login, after a change, have the details needed, where they can be conveniently retrieved.


You may see this notice - even when you did nothing wrong - if your account is disabled for "suspicious" / "unusual" activity. Google code can be fickle, at times.

Here's hoping that you don't suffer from high blood pressure or chronic indigestion.



Google 2-Step Verification is a better way to protect yourself.

Google 2-Step Verification uses any of several options.
  • A physical USB key, registered by you before trouble starts.
  • Backup, one use authentication codes, retrieved by you before trouble starts.
  • An authentication code generator, installed on your smartphone / tablet, registered by you before trouble starts.
Note the requirement "before trouble starts". After you get the "Your account is now locked" advice, and see your blogs now offline, it may be too late.

I, personally, see the "suspicious" / "unusual" activity notice - or receive "Please provide additional proof of identity" - several times yearly. Using my USB key, inserted into the computer, and tapping the button, I am generally back online within minutes.

If you're lucky, you may need neither additional details, or 2-Step.

Not everybody will need either proof of identity. I suspect a large proportion of the world population will go through life without ever seeing the "suspicious" / "unusual" account activity warning.

And if I convince you to do any or all of this, you never need to do it - and you come to me in 5 years and call me a wanker or worse, for wasting your time - I'll smile and at least know that you are not one of the people in the forum.
My blog is offline and I had to spend time figuring when I setup my GMail and YouTube accounts!
or
Help me! My blog is missing from my dashboard - and it's throwing spam at my readers!
I really prefer being called a wanker (or worse).

---

Some Blogger blog owners are reporting new instances of "suspicious" / "unusual" account activity - some successfully executed, and blogs stolen. The sad part is that much of this can be avoided, by advance owner action.

Researching backup authentication details, and / or use of Google 2-Step Verification, can allow the owner of an attacked Blogger account to growl, and respond - and possibly have the account and blog(s) back online in minutes or hours. But the work has to be done before trouble starts.

Dude, hit me with a comment!

Olde Dame Penniwig said...

So, is there a way to put that 2-step into place with an existing blog? A way to turn just my regular logging in, into a 2-step log in? Yes, I could seek the answers to this elsewhere, but you're just so darned smart at these things!

Chuck Croll said...

Hi Penniwig,

Google 2-Step is an option that you add to any Blogger / Google account, from the "My Account" page.

Check out the current 3 options offered.

http://blogging.nitecruzr.net/2013/06/use-google-2-step-verification-to.html

Olde Dame Penniwig said...

Thank you! I will go to the link!