The Connected Home

An Internet of Connected Things and More…

Using MS Authenticator for 2FA Everywhere

Two Factor/Multifactor Authentication can help keep you safe.

The bad guys are out to get you. They’re phishing in your email, they are using brute force to try to get your password so they can log into your email accounts, your Microsoft Accounts, your Google accounts, Facebook, Twitter, and just about everywhere that you use a password to log in. Having a strong and unique password for every site and account isn’t enough these days. You CAN do more to protect yourself. There PROBABLY ARE baddies trying to break into your accounts right now. It’s a fact of life. Want an example? I was amazed at the number of unique IP’s trying to gain administrative access to the WordPress dashboard on one of my blogs by trying to login through the WordPress interface. And I was horrified.

What can you do to protect yourself? My advice is simply ‘if you don’t have 2FA enabled, enable it now if you possibly can’. (And if you are one of the folks that still doesn’t have a smartphone, consider a physical device like Yubikey’s devices. Microsoft blogged about using this product for Windows Hello as well.) I won’t cover using these devices in this article, but be aware that if you don’t have a smartphone, you do have an option.) Note that, in some cases, you can use a secondary email address as an option to SMS or Yubikey, but it isn’t as secure and I don’t recommend it.

Two Factor Authentication (2FA) relies on something you know (like a strong password) and something you have (like a cellphone/smartphone) to help secure your email, online email and social media accounts, etc. There are additional ways to use 2FA, and you can read more about this at Wikipedia, Microsoft, and there’s a particularly good write up at Google. And Microsoft has a video:

 

Get the Microsoft Authenticator App

(Before you get started, if you don’t already have a cell phone number attached to your Microsoft Account as a recovery number, set one up. To do this, go to https://account.live.com/proofs/Manage and sign in. Full instructions on how to do this are here.)

First step is to get the app for your platform and install it on your smartphone.

iOS users – if you have an Apple Watch, you get a watch app that lets you quickly approve or deny.

Android App

Windows Mobile

Next open your web browser and go to https://account.live.com/proofs/Manage

Setting up 2FA for your Microsoft account: Setting up MS authenticator for an outlook.com/hotmail.com (etc.) personal Microsoft Account takes a few steps. Here’s a short video walkthrough of the process. I’ve obliterated personal information and made some edits for privacy, but all the steps are shown.

 

 

After setting up 2FA for an account, alerts will appear on your phone and you will be able to approve or deny each one. In iOS 10, tap the notification to open MS Authenticator. The alert will specify the account (I’ve covered this here for privacy) and you can Approve or Deny.

approve alert

I have an iPhone and an Apple Watch, and for me, using Microsoft Authenticator is non invasive and easy. Most of the time, I can approve the 2FA request right on my Apple watch.

apple watch

 

 

It’s pretty straightforward to set up Microsoft Authenticator with your Microsoft Account, but it may not be obvious that you can use the MS Authenticator elsewhere. Many online sites document using Google Authenticator, but don’t mention that other products, such as Microsoft Authenticator will work just as well (or better!). At a 50,000 foot level, you turn on 2FA and enable “use an app” and select the “+” add account in the app and then take a picture with your smartphone of a QR code to start the process. It is pretty easy to set up and well worth the extra effort. And in most cases, you can designate “trusted devices” so that you authenticate once (or every 30 days, etc.). For desktop programs like Outlook 2016, you can generate Application Passwords to enter into account settings instead of your regular password (and if the account is already setup, you just replace the password with the App Password).

Setting up 2FA for your Google account (iOS or Android):

Start by going to https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome and logging in if you aren’t already logged in.

Here’s a short demo walk through of how to use Microsoft Authenticator with your Google Account. And again, this process should work with any online account that lets you set up an authenticator app using a QR code, even if MS Authenticator is not specifically list.

If you turn on 2FA for your Microsoft account and any Google accounts, that’s a good start towards increasing your security (and hopefully your peace of mind). And you should turn it on for any online entity that offers it.

Get Hue or LIFX light alerts for Dona Sarkar Build Tweets

If you’re a hard core Windows Insider, you’ll want to be one of the first to know when new Insider Builds are available for download and corresponding blog posts go up. You can always watch @donasarkars Twitter stream (and check the hints that builds are coming in images she posts), but if you have Hue or LIFX connected bulbs, you can use IFTTT to set up an Applet (used to be called a recipe) to get a visual alert.

Dona has graciously agreed to include a new hashtag #flight when she tweets notifications about builds.

It is really easy to set up the IFTTT piece, and you will need to enable the Hue/LIFX integration by signing into your account if you haven’t already connected it to IFTTT.

The IF trigger action is Twitter, New Tweet from Search. Just paste from:donasarkar #flight into the field provided. For the THAT action response, select the Hue or the LIFX service and then determine what you want your lights to do (lots of options here).

If you want to be alerted every time Dona users the hashtag #windowsinsiders, you can create an Applet that uses a trigger action from:donasarkar #windowsinsiders.

Enjoy! Let me know on Twitter @barbbowman if these work for you.

 

flightinsiders

Turn Off Cloud Access to your WD My Cloud Device NOW

The technical press (like Engadget https://www.engadget.com/2017/03/05/wd-my-cloud-security-exploits/) is publishing info about a vulnerability that impacts WD Networked devices that have cloud access enabled. That’s great, but they aren’t providing info for non technical users on how to check their settings and turn off this access is needed. So here is that information:

1.Access the My Cloud Dashboard. To open your My Cloud Dashboard: Windows: Open a web browser and type in //devicename/ (or device IP address) to the browser address bar. If your device is named WDMyCloud, you’d type in //WDMyCloud/ and hit enter. The web page should open. You may need to login (hopefully you’ve password protected your device)

2.Click on the settings option on the top menu.

3. Scroll the page to Cloud Access and verify it is set to off (or turn off if it is on).

wdmycloud

While you are on this page, check the Firmware Update tab on the left and make sure you are on the latest firmware. Upgrade if needed.

Bluetooth Setup Work Around for 15031 Insiders Build (Use Dynamic Lock)

If you didn’t pair your cellphone before installing 15031, there’s a work around using the legacy control panel. Many want to test the cool new Dynamic Lock feature, but since the Settings App, Devices functionality is broken, think they need to wait for a new build.

Nope. The legacy control panel is still there and can be used to get Bluetooth devices paired.

1. Type Control in the Cortana Search field and open Control Panel

2. Change Category to Small icons if needed

legacy1

3. Select Devices and Printers

legacy2

4. Select Add a device

legacy3

 

5. Verify your phone is in discoverable; it should appear in the Add a device list. Select it and then select Next.legacy-4

 

6. Your phone and the Add a device window should display the same code. Select yes in Add a device and select Pair on your phone.

 

legacy5

legacy5a

7. Wait a minute or so while files are installed.

 

legacy-6

8. Voila! Paired phone is now visible in Devices and Printers

 

legacy-7

9. Last step is to go to Settings > Accounts > Sign-in options and toggle Dynamic lock to “on”

 

Enjoy!

Did the SP3 Simplo battery fix negatively impact LGC?

If you have a Surface Pro 3, you probably received a firmware update on or around 8/292016. This firmware update is a fix for Simplo batteries only. Most people have reported their SP3’s with Simplo batteries now show reasonable capacity (but there are customers reporting bricks).

A trend is appearing in the Microsoft Community Forums (Answers) that suggests that something in the firmware to fix Simplo has had a bad impact on Surface Pro 3’s equipped with LGC batteries. This thread has some folks posting about this http://answers.microsoft.com/en-us/surface/forum/surfpro3-surfhardware/surface-pro-3-with-lgc-lgc-battery-degradation/13d03fbe-1edd-489f-bd0a-2c07ff615128?msgId=25830051-4e6d-4a5d-b194-2e78168e6534 (and there are a couple of others).

If you have a Surface Pro 3, you should open an administrative cmd prompt and type

 

  powercfg /battery report

 

Save the file and if it looks like the samples below, post in the above thread. As you can see, these folks are stuck on a fixed, less than 100% capacity. This condition was not present prior to the 8/29 firmware update. You can also let me know on Twitter, @barbbowman if you are impacted.

5634

1 2 3 51

Categories

Archives