Using Google’s Two Step Verification

If you don’t know what 2-Step Verification is here is a simple explanation: The two-step system uses both a password and a numerical code tied to your mobile phone, which can be sent by Google via SMS or generated by a smartphone app. Either way, it means a prospective hacker would need to obtain both your password and your phone to access your account.

I’ve been aware of Google’s two-step verification system for some time, but I felt my very strong password, the fact that I don’t use that password anywhere else and that it could not be ascertained by usual social engineering methods, was more than adequate protection. I was also concerned the system might be a hassle to use since I routinely sign in from so many different computers and locations. I already do use a password manager (KeePass) that requires not only a master password but I also use a key file too. [There are other very effective password managers out there I suggest you use one. Ars has a good article about that here.]
But with the massive increase in hacking and high jacking of information and the advancement of brute force cracking technologies and techniques I felt it was time to get onto the 2-step wagon.

Also I suggest that if you use Yahoo mail for anything you migrate towards Gmail or some other ISP. Yahoo has one of the worst records for email security. They are  hacked all the time! One recent article is here.
And for petesake please do NOT ‘link’ your Facebook account with Yahoo – that too is a major source of hacked Facebook account activity. If you currently have it linked I suggest you separate it. You can read how here and here.

So here is a brief explanation of how to enable 2-step verification. I will also link to some other resources on how to enable and use it at the bottom. If you find this too complicated or too much of a hassle you can always disable it very easily.

So let’s get started. Login to your account and go to Account then. Security

image

In the Security list you’ll see 2-step verification. This is where you can ‘turn it on’ and edit the settings.

image

Printable backup codes. Warning: If your phone is unavailable, these codes will be the only way to sign in to your account. Keep them someplace accessible, like your wallet, desk drawer or other safe place. Printable backup codes.

image

Here click on ‘Show backup Codes’

image

I printed out a set and put them someplace safe. I also saved them to a text file and imported and copied that text file of codes into my Password management application – KeePass.

If you click on the Application Specific Passwords you can create them for you other applications like Outlook, iMail, ThunderBird etc. Just give it some useful name, click on ‘Generate Password’ and then make sure to copy (or right down) that password – it is only shown once! I just copied each one to a text file so I could then paste them into the proper field (password) on my Outlook/configuration setups.

image

Some other links and info.

Here’s Google’s info page. And more here.

Setting up Mac Mail.

Setting up Outlook.

One more thing to consider if you’re a paranoid guy like me. I have all my browsers set to delete Internet history, cache and cookies when I close my Browsers AND I also run CCleaner many times a day to clean out temp files. Doing this will clear out the 2-Step ‘security token’ so you must manually enter some specific cookies to NOT be deleted in your browser and/or CCleaner.

To create ‘safe cookies’ in Firefox here is a good article. For Chrome go here and read the ‘Make exceptions for cookies for specific websites. The method is just about the same for InternetExplorer and Safari.

For CCleaner you can add the cookies to keep manually. Read here.

The actual cookie names you need to keep are here:

accounts.google.com
accounts.youtube.com
google.com
mail.google.com
apis.google.com
0.docs.google.com
docs.google.com

Hope this helps some. Peace out.

Add Gmail Contacts to iOS 5

Though many don’t realize it the process for importing your contacts to your iPhone from Gmail Address Book is quite simple. Getting them OUT of your iPhone can, depending on how their configured, be much more complicated. But that is for another post. I know that many supposed Mac techs and BigBox retailers will want to charge you plenty for this simple procedure, please don’t let them.

So here we are going to assume that your entire address book is connected to your Gmail account. To import/sync them we are going to use iPhone’s Microsoft Exchange configuration. So let’s go:

  • On your iPhone or iPad, open the Settings app.
  • Scroll down to Mail, Contacts, Calendars and select it.

Mail-Settings-iPhone

  • Next, add a new account
  • At the add account screen you’re going to want to select the Microsoft Exchange option. This is how we are going to import your Gmail contacts.

Exchange-Gmail-Contacts

  • Enter your Gmail address in the email field. Leave the Domain field as “Optional” and fill in your Gmail username (without the @gmail.com) and your password. You can leave the description but remember it so you know what it is later.

Form

  • Click next, the form will update and now include a Server field. In the server field enter m.google.com. Click Next or Done.

server-gmail-iphone

  • It will confirm that you want to sync your mail, contacts, and calendars. Slide these to On for Contacts and Off for the others.  Here we were only concerned with Contacts, BUT you can also synchronize your mail and Calendar too!

Happy computing!

 

Edit: after doing this many times for clients and others I’ve found a guy who created a great video on the above steps! You can watch that here:

Sync Gmail Contacts to iPhone

Stopping spam tip.

1st. USE GMAIL. Then enable ‘SmartLabels’ in Gmail’s labs portion of the ‘Settings’. This alone will cut bulk and spam to next to zero!

You can set up Gmail to retrieve just about any other type of email account you have. Read about that here.

If you don’t want to use Gmail the next part is still just as important.

2nd. DO NOT click on the ‘unsubscribe’ anywhere within a spam email. That just lets the spammer/scammer know that your email account is not only active, but you actually took the time, read and acted upon the email they’ve spammed you with!

Doing that only means your email address just got put onto the priority confirmed working spam list!

Get your Cloud Data down to your machine

Here are some ways to get your ‘cloud data’ backed up locally.

I know most people look to the ‘cloud’ for their secondary backups (if they even have a primary one) but few people ponder what will happen if their information is lost or compromised in the cloud or the terms of service of the provider that holds that information changes to your detriment.

I am going to provide some information on how to get your data out of your web email, Facebook and some other services.

One thing I see quite often is that people cannot access their online/web mail service at an important time to find information or they lose or have deleted the information they need and have no way of retrieving it.

So let’s start with web mail services. Today most people have very important information stored in their email; from plane reservations, business communications all the way to payment receipts. So in my opinion this is the first and most important place to start.

Get your mail downloaded locally.
For GMail. [My personal favorite!]:
Before you do anything, you’ll need to enable POP3 and/or IMAP in Gmail, which will let you access your accounts on the desktop. To do this, head into Gmail’s Settings and go to the Forwarding and POP/IMAP tab. Scroll down to the IMAP section and enable IMAP. Then save your changes, and open up your desktop email client of choice to set it up using the following instructions.

I use Outlook 2007/2010.

If you don’t have Outlook you can also use Thunderbird (an open source application by the Mozilla folks)

There are also a number of other mail applications you can use to get your information – Apple Mail, Thunderbird, Outlook Express, LiveMail etc..

I like using the POP3 connections over IMAP for most of my connections.
POP mail service has been available MANY times when IMAP has NOT – for my Gmail, Hotmail and Yahoo. If the ‘webmail’ is not available online because of a service interruption then IMAP will most certainly too. This is not usually the case with POP. HOWEVER there is a big caveat with POP – you must make sure in the advanced settings or your mail client that you choose "to leave a copy of the message on the server"!!

But IMAP does have its advantages too.
So pick what will provide you with the most features you feel you will need – I suspect that would be IMAP probably be best for most people.

To set up POP with Gmail look here,  and find your client and follow the steps.
For IMAP go here.  and find your client or device on the list and follow the instructions.

If you’d like to read further about the differences between IMAP and POP you can read this here.

For Yahoo mail it is a little harder if you live in the U.S..
Yahoo wants you upgrade to a "Mail Plus" paid account to get POP and IMAP access directly. But you don’t have to! The best option is to use an application called YPOPs. I’ve used it in the past to get my Yahoo mail connected to Thunderbird and Outlook with out any issues.

If you have Window Live Mail or Apple Mail the client itself downloads your Hotmail/.Live or MacMail/MobileMe data to your machine by default. BUT remember this is an IMAP connection so if you delete something from you Live Mail client on the desktop it will be deleted on the server!

One important thin that may people miss is to get their CONTACT data out/backed-up from their mail clients. Something I also feel is very important.
For virtually all web mail clients that is as simple as going to the ‘Contact’ section and finding and choosing the ‘Export’ option. Those can then be exported into a format that virtually any Email client can import.
That should get you going with your mail.

Now to Picasa.
Simplest way is to install the latest version Mac or PC and then simply go up to the menu and use File ==> Import from Picasa Web Albums ==> Select All.
And Flickr
You can use Flickr’s Flash based web app here  just click on the ‘start now’ and follow the instructions.
Or you can use the open source application Downloadr . Downloadr is a photo downloader for Microsoft Windows. It provides a simple interface to download large sized images from Flickr to your computer.

Now to Facebook.
If you have Yahoo you can easily download/copy all of your contact out. You can follow this tutorial here.  One tip is that I would suggest setting up a ‘temporary’ Yahoo alias with NO contacts in it so that you do not end up with duplicates or mismatched merges. Then export those and import them into any application you choose.

Also Facebook now allows you to actually export YOUR data to a file! Following this VERY well written walk-through right here. I’ve done it and it works great! You may have to wait a while before you receive your ‘confirmation email’ and link but you will be able to get your stuff.

Finally there is an open source application Called MyCube Vault. MyCube Vault Backs Up Your Facebook and Google Data Regularly
Once installed, the app requires you to authorize it to each of the services you want to back up. From there you can tell the service where to store your backups and how often to save your data. If you’re concerned about downtime or just wary of keeping your data in the cloud, it’s worth a look.

I checked it out and it works well.
Windows version here

Mac version here

Well that is a long winded post and I hope some people will put it to use. Like backing up your local data don’t be the person who loses precious information because you were too lazy or couldn’t be bothered to learn something new.

Peace.

Security news – Gmail spear phishing attack

There are some very splashy news stories going around saying ‘Google was Hacked".. Oh no sky is falling.

Let’s be clear. GOOGLE WAS NOT HACKED!
What happened is that many ‘targeted users’ were ‘Phished’ – the users where ‘conned/tricked’ into giving up their security information and passwords. This is called ‘spear phishing’

Essentially Gmail’s login screen was mimicked, and people were tricked in ‘re-entering their information, and hundreds of Gmail accounts, including those of U.S. Officials were then compromised in this very targeted Phishing attack. You have to read a little bit into these articles to actually find the true nature of the supposed ‘attack’.

To be clear – Hacking is done by a very skilled person on whatever his target is, phishing is done by almost anyone to anyone dumb enough to let themselves be tricked!

Here is one headline

and another

Google’s blog page has more details here

The simple thing to take a way from this is to be ever cautious of where, when and how you enter in any information online – to ANYONE.
AND use strong passwords.

The way this attack was carried out can be seen in this analogy I used with someone.

Suppose you went to the bank ATM, put in your card and entered your PIN. You then carried out your transaction; looking up your balance and making a withdrawal. After you are finished you take your cash, receipt and card and prepare to walk away.

At that moment someone comes around the corner wearing a shirt with the bank name – looking ‘all official’ and asks to look at your card because the bank is ‘tightening up security for it’s special clients.

You hand it to him. He then asks for your PIN; you know just to make sure you are who you say you are. He writes down your name, card and PIN number and hands back your card and says, "thanks, we just have to be extra cautious nowdays…"

In this scenario you just handed that person everything they need to know about how to royally screw you.

This is the same thing that happens with these ‘phishing’ and other types of ‘social engineering’ cons and scams.

People – please use extrodinary caution when dealing with personal information.

Google has an awesome security protocol called ‘Two Step Authentication’ and it is well worth the extra time and effort to set up.

You can learn about Two step authentication in this video:

[Remember about Application Specific passwords if you use Gmail on your Smartphone or desktop (Outlook, Thunderbird etc.)]

Backup your Facebook Profile Information

I am going to show you two (2) methods of obtaining your Facebook contact information; Names and email account information. One via a browser extension/add-on and another via using an ‘intermediary’ email account – in this case Yahoo.

As I have written many times I love me my Firefox browser. With the add-ons/extensions and tweaks I use, I am able to make use of my Browser as my most important productivity tool. With Firefox extension/add-ons and Greasmonkey extensions I have been able to do just about everything I’ve ever needed to with a browser.

I do also use Internet Explorer for some of my Microsoft sites where it is needed and Google Chrome – though primarily a portable version and/or on my Linux builds. It is also good to check any site building/scripting in all these browsers for differences in behavior.

One reason I don’t use Chrome that often is that although I love many things Google (Gmail and Google Apps in particular), I don not like the fact that just about EVERYTHING you type into Chrome address bar gets sent back to Google! AND the ‘google updater’ is constantly running in the background.

For this reason I use Chrome portable. You can pick up the latest version here. [For a Standalone Installation – To install a portable app by itself, or manually, just browse to the location of the [AppName]_Portable_x.x.paf.exe file you downloaded. Double-click the file to start the installation. Follow the on-screen prompts and select the location you’d like to install to. Within the directory you select, an [AppName]Portable directory will be created containing the portable app.]

Method 1 – Chrome Extension:


Now for the fun! I just found a Chrome extension that is totally awesome but so far is not available or does not have a like kind for Firefox 4. Get a copy of Chrome and install this extension – It is called the
"Facebook Friend Exporter", get it here. 

This extension allows for exactly what it says. You can install this plugin, log into Facebook, go to your ‘Friends’ page and then export all of your friends profile information that is contained in YOUR Facebook profile page(s).
This extension will allow you to get your friends information that they shared to you:
– Name
– Emails
– Phone numbers
– Screen names
– Websites
– Address
– Birthdays

Two methods of exports
– CSV file (if you have many friends, greater than 500, it will be very slow)
– Gmail Contacts (It will place them into a folder called "Imported from Facebook")

Notes:
– An "Export" button will appear on Facebooks toolbar on the top.
– Click on it and it will open a screen to start processing.
– Depending how many friends you have, this may take a very very long time to complete.
– For example: Exporting 100 friends will take at least 30 minutes!!

Additionally I may upload a copy of my portable Chrome build with all the extension already packed in; but that will have to come later.

Method 2 – Via Yahoo:

Another simple method to get Facebook contact information is to use a Yahoo email account.

· Import Facebook Contacts into Yahoo Mail

  • Step 1

Create a free email account at Yahoo Mail if you don’t have one or a use a new one to keep your contacts separate. Make sure you can send a test email out – to ‘verify’ your account. Log out of the Yahoo Mail account, once created. Close all open browsers.

  • Step 2

Open a new instance of a web browser and enter the URL for Yahoo. Log into your ‘general’ yahoo account. [make sure if you have the ‘redirect remover’ Firefox add-on installed in your browser to disable it temporarily]

  • Step 3

Click the "Facebook" button usually down on the lower left hand side. A login prompt will appear requiring a valid Facebook user ID and password.

  • Step 4

Log into the Facebook account where the contacts reside you wish to get. Open a new ‘Tab’ in your browser and type in Yahoo.com (you should still be signed in there too.) As soon as you logged in through the Yahoo Address page, the Facebook contacts will be available in Yahoo Contacts. Open the Yahoo ‘Contacts’ and choose to ‘get/import’ your contacts. A Facebook icon will be displayed and you will be asked if you are sure you wish to import them. Say yes of course and in a few moments all your Facebook contacts (names and email addresses contained in Facebook address book) will now be in your Yahoo Contacts! That simple!!

Contacts that are in Yahoo can then be exported for use in many other email applications. You can choose to export in a few different ‘.csv’ file formats, a single Outlook file format or a zip file containing all the individual files in an ‘address book card’ files format (.vcf). .VCF files can be imported into many applications – Gmail being one, not just Outlook.

· Export Facebook/Yahoo Contacts as a CSV File

  • Step 1

Click on the "Address Book" tab in Yahoo Mail.

  • Step 2

Select "Address Options."

  • Step 3

Click "Import/Export." The Export dialog box will open.

  • Step 4

Click the button labeled "Export Now" next to the email client the export will be imported into. For example, if the exported CSV file will be imported into Outlook, select "Outlook."

  • Step 5

Type a file name for the CSV file into the input box, when prompted and click the "Save As" button. Save the CSV file. The file is now ready to be imported into the specified email client or utilized as data. Super simple!

SMS from GMail

I’ve written many times about how awesome a tool Google Apps Gmail is. Check out these links.

One

Two

Three

Four and I’m sure there are more just look.

And I’ve also written about how to send and SMS text to a phone via email.
Here
But that does require you know the service provider of your recipient.

BUT you can also send SMS messages directly to any telephone number from Gmail/Google Chat. A super useful tool if you are in front of a computer and the party you need to contact is not.
To do so from Gmail:

  1. Enter your contact’s name in the ‘Search or invite friends’ box in Chat, and select Send SMS from the box of options that appears to the right of your contact’s name. Or, if you already have a Chat window open for this contact, just click Options, and select Send SMS.
  2. In the dialog box, enter a phone number in the ‘Send SMS messages to this number’ field. For now, this feature works only on United States phone numbers. If you’re outside the US, you can still use it, but you won’t see the SMS option in Chat until you enable it manually in the Chat settings page. 
  3. Click Save.
  4. A Chat window appears. Just type your message as you would normally. When you hit Enter, the message will be sent to the phone number you entered.

If your contact replies, the text message response will appear as a reply in Chat. These conversations are stored in your Chat history just like regular chats (but keep in mind that you can’t go off the record while communicating via SMS).

Note regarding mobile phone subscribers in North America: depending on which mobile plans your contacts in North America have, they may be charged by their mobile providers for receiving text messages.
Read about more about it here:

Note that as you ‘use’ SMS quota you can increase the number you are allowed to send very easily.
A quota is an allocation of SMS (text messages) that you’re able to send to a mobile phone:

  • Initially, you’re granted a quota of fifty messages.
  • Every time you send a message, your quota decreases by one.
  • Every time you receive an SMS message in Chat (for example when a phone user replies to one of your messages) your quota increases by five, up to a maximum of 50.

If your quota goes down to zero at any point, it will increase back up to one 24 hours later. So, you won’t ever be locked out of the system

SMS in Chat Commands:
Here are some commands that might come in handy for you down the road when using SMS with Chat:

  • HELP: Text this command to any Gmail SMS number and you’ll get a response reminding you of some of the basics of SMS and a refresher of some of the other useful commands
  • STOP: This command will block all SMS messages from Gmail
  • START: Re-enables you to receive SMS messages from Gmail if you’re currently blocking them
  • BLOCK: Send to the code number for a particular contact to block messages from that specific person
  • UNBLOCK: Allows a blocked contact to send you SMS messages in the future

Free calling in Gmail extended through 2011

Google initially rolled out free voice calls in Gmail (via Google Voice) as something they would offer through 2010. Now, "in the spirit of holiday giving," they’ve extended free calling through all of 2011.

In case you haven’t tried it yet, dialing a phone number works just like a regular phone. Look for “Call phone” at the top of your Gmail chat list and dial a number or enter a contact’s name.

More info here

A little Firefox fix

Something strange has been happening for me lately

I have been having some issues with my Gmail in Firefox, and in Firefox only, after the last security update. And as most of you know I am a HUGE fan of Gmail with Firefox.

What was happening is that my Gmail response was slow, Chat would disappear, and ‘respond’ and sometimes even ‘compose’ wouldn’t work making my productivity slow and frustration speed up.

This was only in Gmail not in iGoogle. And only in Firefox, all worked in IE and Opera.

So after doing loads of searching I found the fix:

It appears to have something to do with the additional security settings from the last Firefox update. And also may be related to the ‘Better Privacy’ add-on I use too.

To resolve the problem you can do the following

Open up a Firefox browser window and type in:

about:config

In the address bar.

Then click that you’ll be careful.

clip_image002

clip_image004

Then type in:

dom.storage.enabled

into the Filter search window

clip_image006

Double-click on the value to toggle from ‘false’ to true. [You can also right-click and choose ‘Toggle’]

Once the value is set to ‘true’ close any Firefox browser windows.

Restart Firefox and your problems should be gone!

Yay! Just thought I’d pass this gem along.

Gmail Integrates with Google Voice for Free Calls from Your Inbox.

Gmail is integrating Google Voice, bringing free calls to the U.S. and Canada and cheap international calls to Gmail—and it’s available today.

Calls to the U.S. and Canada will be free for at least the rest of the year and calls to other countries will be billed at our very low rates. We worked hard to make these rates really cheap (see comparison table) with calls to the U.K., France, Germany, China, Japan-and many more countries-for as little as $0.02 per minute.

500x_screenshot2

As soon as it’s available in your account, you’ll see a Call phone link in the Chat sidebar of Gmail. Click it, search for a contact or dial their number, and voila—phone call. If you’ve already got a Google Voice number, calls you make from Gmail will show your Voice number in that person’s caller ID. You can also receive calls (if you choose) made to your Voice number directly in Gmail—making it a fully legitimate VoIP solution.

Google’s rolling out the feature over the next couple of days in the U.S., so keep your eyes open. You’ll need to have installed the Voice and Video plug-in to use it. It’s not available on Google Apps accounts (yet), but Google says they’re working on it.

Here is the rate chart for international calls.

With the great quality of voice and video chat already built into Gmail/GChat I think this is a killer solution.

Get Caller ID from Your Computer

clip_image001

Let’s say you’ve got a landline set up with Google Voice and you don’t want to pay for caller ID. Or you just spend a lot of time staring at your computer. If you’re logged into Gmail, and someone rings up your Google Voice number, you can see who’s calling on your computer without digging your phone out of your pocket.

Transfer Calls to (and from) Your Computer to Save Cell phone Minutes

clip_image002

Assuming you’ve already added your Gmail Chat account as a number that can be reached through Google Voice (which also assumes you’ve signed up for Google Voice), you can transfer calls from your phone to your computer to save cell phone minutes. Here’s how it works:

1) If you’re logged into your Google account, go to the Google Voice phone settings page. At the bottom, you should see a new option for Google Chat (like in the image). Make sure it’s checked.

2) Now, when you’re in the midst of a call on your cell phone—let’s say you were talking to someone in the car, and now you’re home—just hit the * (asterisk) on your phone’s number pad to send the call to another Google Voice phone. If your Gmail account is open, your inbox should start ringing. Pick up in Gmail and hang-up your cell phone.

The opposite works, as well—i.e., transferring calls out from Gmail to your cell phone. Oh, and remember: If you’ve got a decent Bluetooth headset, you should also be able to stay relatively mobile, even if you’re talking from your computer.

Find Your Misplaced Phone

Misplace your cell phone under a pile of clothes or deep in your couch cushions? If you left your ringer on but don’t have another phone on hand, just log into Gmail, dial your cell phone number, and follow the faint sound of ringing.

Use It for a Quick-and-Dirty Speakerphone for Group Calls

Google Voice is already pretty good at setting up conference calls (demonstrated in the video above). Now that you can call from your computer, you’ve also got a quick-and-dirty speakerphone perfect for the group of people sitting around a table on your coast.

Make a Quick Follow-up Call in Response to an Email

This is less of an "amazing new thing" than a nice, practical side effect of having one more thing integrated with your inbox. Say you get an email from a colleague. You want to send a quick follow-up, but it’s going to be a lot more appropriate talking than typing a reply. Dial the person up in Gmail and talk it out without disrupting your workflow.

Secretly Record Calls

Google Voice has handy recording function, but whenever you enable it (hit 4 to start and finish recording), Google Voice announces "This call is now being recorded." Prefer to record a conversation surreptitiously? Calling from Gmail puts the audio on your computer, where you can use any number of tools to record your system audio on-the-sly. (For example, despite what I thought at the time, Whitson later told me he wasn’t aware I was recording the call in the video above.) File this under the know-your-state-laws category.