I don’t trust Huawei as far as I can spit – but I agree with them 100% on this… America – like many Western countries (including Australia!) – has a long, LONG history of violating the basic human right for freedom-of-speech.
With so many companies and governments bending to the will of the Chinese Government, it’s great to see that some companies are not afraid to actually take a stand against China’s human rights violations…
Sure, Mitsubishi’s actions are not going to stop China from its human rights violations – but it will send a clear message to all of the other companies and governments out there, many of whom like to pretend such things do not happen. Hopefully, Mitsubishi’s decision will influence other companies and organisations to do similar things in the future, when others ignore China’s human rights violations or persecute those that push back against them.
Actions speak much louder than words and unfortunately, most of the world is content with just ignoring China’s human rights abuses; a small minority actually speak out against China and their human rights abuses, though I take this with a grain of salt.
Normally I would say that the internal issues in a country should be free from external intervention – but we are talking about China, a country which has one of the worst human rights records in the world, by a huge margin… In fact, China’s human rights record is so bad, it could easily be compared to that of North Korea.
Yet the world ignores these human rights abuses and on the rare occasions when something is said, it is said with extreme caution. Australian politicians for example, have been particularly enthusiastic about calling out China lately, but at the same time, they regularly remind us that China is one of our biggest trade partners and continue to import from / export to China.
Now I am not saying we should go to war with China – aside from the fact that China has one of the largest military forces in the world, very few people ever “win” in a war – but we should absolutely be hitting China with sanctions or moving our businesses out of China… If you start hitting China with sanctions and moving businesses out of China, there is a possibility they might cut back on the human rights abuses.
Of course, the issue here is that China is infamously stubborn and thus unlikely to stop with their human rights abuses even after sanctions or moving businesses out of the country, so a war might be inevitable… But at the end of the day, “the ends justify the means” and if war is what it would take to force China to stop with the human rights abuses, so be it.
But only after exhausting all other options… War should never be the first option, especially when you have people like Donald Trump in positions of power.
My point is though, that all these people (such as our environment-hating Prime Minister) who “call out” China for their human rights abuses are hypocritical, because such people are in a position to do something about said human rights abuses, but don’t… Which makes these people no better than China themselves.
So a couple of nights ago, my partner noticed some suspicious activity on one of my son’s online accounts and having looked a little closer, she quickly discovered that someone was in fact accessing one of my son’s online accounts when they should not have been… As you would expect, my partner immediately told my son to change his password and thus prevented any harm from being done.
But all this could have been avoided – even though the person accessing my son’s online account actually had his password – if my son had previously enabled two-factor authentication.
But what is two-factor authentication?
Two-factor authentication (sometimes called two-step authentication, 2FA or login verification) is exactly what the name implies – a second “factor” of security when logging-in to something…
For example, if I login to my YouTube account, I need to enter my password (the first “factor”) and then a code of randomly-generated numbers from an application on my smartphone (the second “factor”). Other ways the second “factor” might apply is a randomly-generated code sent to you by text message, e-mail or telephone call; a randomly-generated code via a physical device; approval in an application (e.g. if you are trying to login to a new smartphone, a previously-used smartphone running the same operating system might ask you to “approve” the login); or a physical “token” (e.g. a USB device) which must be inserted into the computer you are using (not very common in consumer applications).
In essence, it’s like being given the key to the bank, but not the key to the vault itself – you are not going to get access to the bank’s stash of money without the second “factor” (i.e. the vault key) and someone is not going to get into your online accounts without the second “factor” applicable to the website/service/application/device they are trying to login to. In the case of my son, this person would not have been able to access my son’s online account without him, because this person would not have had access to the second “factor”.
This sounds like a lot of overkill… I don’t get “hacked”!
Are you kidding? Think long and hard about just how many companies, governments, organizations and websites have been hacked over the years… Apple, Facebook, Google, Nintendo, Sony, Microsoft, SnapChat, Amazon, Twitter, countless government departments (including a couple of Australian Government departments), various banks/financial institutions, eBay, Evernote, Target and countless others have all been “hacked”. In many cases, the passwords were partially or completely available to the hackers.
I encourage you to have a look at this Wikipedia entry, which has a rather lengthy list of companies/governments/organizations/websites which have been “hacked” over the years (though it may be incomplete for various reasons).
I don’t have anything to hide!
Well actually, you do. With just your name and date-of-birth, someone can Social Engineer their way into a lot of your personal affairs… Add your e-mail address and the list of things they can access gets even bigger. Maybe you have some saucy photos/videos you do not want to share with the world, or maybe you even have a few “skeletons” in your closet – guess what, it is all about to be shared with the world!
With two-factor authentication enabled in your online accounts, access to your online accounts is nearly impossible because even if one of your online accounts has been “hacked” and the password exposed, the hackers would not have access to your second “factor”… Nothing is perfect of course and under specific circumstances (for example, someone intercepting your text messages or telephone calls, etcetra), two-factor authentication can theoretically be broken – but this is beyond the skills of most hackers and unless you are someone super-important and/or wealthy (lucky you!), it is pretty unlikely a hacker with such skills is going to go to that much effort just for you.
For us peasants though, two-factor authentication gets you about as close to being “unhackable” as you realistically can get.
So who supports two-factor authentication then?
You would be surprised at just how many companies, governments, organizations and websites support two-factor authentication these days. Some examples include:
- Google and “g Suite” (formerly “Google Apps”)
- myGov – most (all?) Australian Government accounts accessed via “myGov”
- Sony Entertainment Network/PlayStation Network
Although there may be entries missing (mostly due to the fact that this list is Community-maintained via github), I highly encourage you to have a look at this website and this website, which details many of the governments, companies, organizations and websites around the world supporting two-factor authentication… If there is something missing, feel free to create a github account and contribute to the list yourself (with regards to the first link).
Okay, how do I enable two-factor authentication?
The process varies, but you will usually find the option to enable two-factor authentication under your account or password settings; sometimes two-factor authentication may have its own option, and sometimes it may be found within an application/program instead (rather than on the respective website)(again, possibly under your account or password settings). In a small number of cases (such as banks and financial institutions), you may need to call the “customer service” telephone number for a government/company/organization/website and specifically request two-factor authentication be enabled on your account – if there is a charge for a physical “token” (as is usually the case with banks/financial institutions), pay it and thank me later.
Now the important stuff…
- Nothing will make your account “100% unhackable”, not even two-factor authentication – but enabling two-factor authentication will get your online accounts awfully close to being “unhackable”.
- In most cases, you will be given a set of “backup codes” when enabling two-factor authentication and these are exactly that – backup codes which can only be used once (each code), to get into your online account if you cannot provide the second “factor” (e.g. if you have lost your smartphone)… Save these somewhere on your computer, have a “hard” copy (that is, a printed or written copy) somewhere secure (e.g. in a safe or locked filing cabinet) and do not lose them – in many cases (though not all), you will not be able to re-gain access to your online account if you cannot access your second “factor” and you do not have a copy of your “backup codes”.
- Do NOT save your “backup codes” online (e.g. in a “cloud” storage service) and do not e-mail them or otherwise transmit them over the Internet… There is simply too much risk and having access to these “backup codes” will usually give full access to your online accounts. Keep them offline at all times, and only transfer them between computers/devices manually (e.g. via USB).
- Two-factor authentication is NOT an excuse for a weak password… You should still use “strong” passwords for everything (i.e. completely random, at least ten-characters, mixed case, numbers, letters and symbols), whilst having different passwords for everything – if you keep your passwords in an electronic “wallet” (e.g. KeePass, LastPass, eWallet, etcetra), do NOT save your electronic “wallet” online or transmit your electronic “wallet” over the Internet; keep it offline at all times.
Do yourself a favor – enable two-factor authentication and when your favorite website gets “hacked” next time, you can sleep soundly knowing it’s pretty unlikely the hacker will be able to access your account… Everyone else, well they won’t be so lucky.