How to make your passwords more secure

An Australian man is suing Twitter for defamation after he was wrongly named as the author of a hate blog, a report said Friday.

If the Heartbleed security threat teaches us anything, it's that passwords don't offer total protection.

Browsers are supposed to keep passwords and other sensitive data safe, but a technical flaw in a widely used padlock security technology allows hackers to grab the information anyway. Even without this latest discovery, there have been countless disclosures of hackers breaking in to grab usernames and passwords, plus credit card numbers and more.

That's why many security experts recommend a second layer of authentication: typically in the form of a numeric code sent as a text message. If you're logging in to a website from your laptop, for example, you enter your password first. Then you type in the code you receive via text to verify that it's really you and not a hacker.

I've been using what's known as two-factor authentication or two-step verification on most of my accounts for more than a year, after seeing too many mysterious attempts to reset my Facebook password by someone who isn't me. The main exception was Gmail, but I enabled that recently after the discovery of Heartbleed. I was afraid the second authentication would be a pain to use, but things are going more smoothly than I expected after the initial setup.

The idea behind these double-layer passwords is to make it harder to use a password that's compromised or guessed. You're asked for a second piece of information that only you are supposed to know.

To balance security and convenience, you can typically bypass this check the next time you use the same Web browser or device. It won't help if someone steals your laptop, but it'll prevent others from using your password on their machines. If you're logging in at a library or other public computer, remember to reject the option to bypass that check next time.

The second piece of authentication could be your fingerprint or retina scan, though such biometric IDs are rarely used for consumer services. Financial services typically ask for a security question, such as the name of your childhood pet, the first time you use a particular Web browser or device. That's better than nothing, though answers can sometimes be guessed or looked up. Some banks offer verification codes by text messaging, too.

I like that approach and use it for a variety of email and social networking services. To me, email accounts are the most sensitive because email can be used to reset passwords elsewhere. That includes my banks and shopping sites.

The two-step requirement is fairly simple to turn on. With Google, for instance, it's under the Security tab in your account settings. On Facebook, look for Login Approvals under Security in the settings. With Apple IDs, visit appleid.apple.com rather than the account settings on iTunes.

After you enable it, you'll typically have to sign in to your account again on various Web browsers and devices. After entering your username and password, a code will get set to your phone. You'll have to enter that to finish signing in. This has occasionally meant getting off my couch to grab my phone from the charger, but that's a small price for security.

What if you're somewhere without cellular access and can't receive texts?

Most services have backup mechanisms. Google, Facebook and Microsoft have apps that will let you receive verification codes even when you're offline. Google and Facebook also let you generate 10 backup codes that you can download or print to keep in your wallet. Each can be used only once.

You can also turn off the two-step requirement temporarily if you'll be traveling without cellular access, though I don't recommend it. The reason I turned it on last year was because I was leaving the country and wouldn't be able to deal with further mysterious reset attempts.

Occasionally, you'll run into an app that won't accept the text code. Apple's Mail app on iPhones, iPads and Mac computers is one. Microsoft's Outlook software is another. If that happens, you'll have to go to your service's settings to generate a temporary password for that particular app. It's a pain, but I've rarely needed to do this.

There are several other challenges to making this work smoothly. For example, if you have a shared Twitter account, such as for your company or organization, two-step verification isn't very practical unless you also share your phone. There's a 12-character, hard-to-guess backup code you can use instead. But it's no security if you jot it down next to your main password.

The biggest problem, though, is losing your phone. Some services will let you provide a backup number, including a friend's cellphone or a landline phone. With Google, the code can be sent as a voice message instead of a text. Others offer a complex recovery code, which you'll have to jot down and keep in a safe place.

I know two-layer security is inconvenient. The first password is difficult enough to deal with. But think of the inconvenience involved should someone break into your account and shut you out. Consider the use of verification texts to be insurance.

Apple's sales surge, CEO promises exciting new devices

Apple unveiled a 7-for-1 stock split that should go down well with individuals who want a piece of a household name but could not afford to fork over $500 a share.

SAN FRANCISCO: Apple just bought itself some much-needed time.

On Wednesday, the company surprised Wall Street with news that it sold more iPhones in the March quarter than even the most bullish analysts had expected. It threw another $30 billion into an already sizeable stock buyback program and instituted an 8% quarterly dividend increase to boot. And profits rose by an unexpected 7%.

To top it all off, Apple unveiled a 7-for-1 stock split that should go down well with individuals who want a piece of a household name but could not afford to fork over $500 a share.


The litany of positive numbers sent Apple's long-stagnant shares up 8%. But it masked a more fundamental concern that has kept the company's once-unstoppable share price in check for over a year: when will, or can, Tim Cook pull another gadget out of Apple's hat?

"Most people will be talking about the split, increased dividend and buyback. But the real focus for the company and the stock is what and when is the new category" of product coming, argued Hudson Square analyst Daniel Ernst.

"Being an Apple investor in the last couple of years has required patience. And that's something investors in the last 10 years have not had to have."

No one would argue that Apple has had a phenomenal run over the past decade - first with the iPod, then the iPhone in 2007, and finally the iPad in 2010. But now, as Google spends billions to buy up technology from robotics to artificial intelligence, and Samsung Electronics and other Android-device makers swallow chunks of Apple's market share, some are impatient to see what Apple can come up with next.

Many Apple observers are betting on another successful emerging from its secretive labs in Cupertino, California in the second half of this year. Wednesday's strong showing will appease investors who want to see some stock action in the meantime, given Apple's stock has been stuck largely just above $500 for months.

"Agree completely with (Apple's) increased buyback and extremely pleased with results. Believe we'll also be happy when we see new products," tweeted billionaire activist Carl Icahn, who waged a Twitter campaign to get the iPhone maker to boost its buyback program.

For my next trick ...

That's not to say investors on Wednesday did not applaud a much healthier outlook for the company than was apparent in January, when disappointing holiday iPhone sales and a revenue forecast that implied flat growth in smartphone shipments sent the stock below $500.

Apple reported sales of 43.7 million iPhones in the March quarter, far outpacing the 38 million Wall Street had predicted. That drove a 4.6 percent rise in revenue to $45.6 billion - a record for any non-holiday quarter - beating Wall Street's projections for about $43.5 billion.

Executives singled out greater China and Japan, where iPhone sales jumped by strong double-digits, boosted by the recent inclusion of NTT Docomo Inc and China Mobile Ltd as carrier partners.

But whether Apple can again devise a revolutionary new product remains the central question in the minds of investors and Silicon Valley executives. Many hope the next iPhone, which sources have said will sport a larger screen with new display technology, will provide a timely lift to the company's bottom line in September.

In the longer term, the company still needs a game-changer, not so much to end up being Apple's next "iPhone," but because a truly successful new product will shore up Cook's stewardship. That would boost Wall Street's confidence in the post-Steve Jobs leadership while restoring Apple's reputation as a leading light of Silicon Valley innovation.

"Apple may never make a product that's as successful or generate as much revenue as the iPhone," said Morningstar analyst Brian Colello. But "investors still want to see new innovation, new products under Cook's leadership."

Cook has promised "new product categories" for 2014.

"We didn't ship the first MP3 player, nor the first smartphone, nor the first tablet," Cook told analysts on Wednesday's post-results conference call.

"It means much more to us to get it right than to be first."