Saturday, August 6, 2011

This is the season for having your e-mail account hacked. Google, Hotmail and Facebook have implemented a new system called "two-factor authentication".

"My Gmail account was recently hacked while I was on holiday in Slovakia. The hacker said I had been robbed at gunpoint in Spain, then asked people to send money to a money transfer account in Spain," read the e-mail that arrived this week. "This has happened to other people, I suppose."

It certainly has: it's high season for people having their accounts hacked, especially because so many are traveling, and thus using computers or networks that are shared and that they trust too much.

For this reason, Google, Hotmail and Facebook (though notably not Yahoo) have all implemented a system called "two-factor authentication" to protect your account. The basic idea is simple: as well as entering your user name and password, if you use a new device to access their system, you must also enter a unique code sent to your cell phone.

The idea is to protect against the theft of your login details when you use an insecure network, or a computer that may be running malware that records exactly what you type. And even if malware does record the one-time code, once you've logged in the code becomes invalid. So if thieves try to log in with your stolen details, they'll be faced with a demand for a code - which will be sent to your phone.
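The flow just described can be sketched on the server side as follows. This is an added example, not code from any of the services named; the `LoginService` class, its method names and the 15-minute lifetime are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 15 * 60  # assumed code lifetime in seconds; each service picks its own


def _same(a, b):
    # Constant-time comparison, so timing does not leak how much of a guess matched.
    return hmac.compare_digest(a.encode(), b.encode())


class LoginService:
    def __init__(self, send_sms, clock=time.time):
        self.send_sms = send_sms  # callable(phone, code); stand-in for an SMS gateway
        self.clock = clock        # injectable so expiry can be exercised
        self.users = {}           # username -> {"password", "phone", "devices"}
        self.pending = {}         # (username, device) -> (code, expires_at)

    def register(self, username, password, phone):
        # Kept in the clear only to keep the sketch short; store a salted hash in practice.
        self.users[username] = {"password": password, "phone": phone, "devices": set()}

    def login(self, username, password, device):
        user = self.users.get(username)
        if user is None or not _same(user["password"], password):
            return "denied"
        if device in user["devices"]:
            return "ok"  # this device has already passed the phone check
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(username, device)] = (code, self.clock() + CODE_TTL)
        self.send_sms(user["phone"], code)
        return "code_required"

    def submit_code(self, username, device, code):
        # pop() makes each code single-use: a replayed or wrongly guessed code
        # leaves nothing pending, so the next attempt needs a fresh SMS.
        entry = self.pending.pop((username, device), None)
        if entry is None:
            return "denied"
        expected, expires_at = entry
        if self.clock() > expires_at or not _same(expected, code):
            return "denied"
        self.users[username]["devices"].add(device)
        return "ok"
```

A stolen password on its own only ever gets as far as `code_required`, and the code that answers it goes to the account owner's phone.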

Phone Protection

Ideally, the would-be thief won't have your phone – though the possibility that they might is the reason why you should protect your SIM with a passcode, and set your phone to lock automatically.

The problem is that not everyone uses 2FA (as it's also known) – and it's quite hard to force them to. "With 750 million users, it's quite hard to get a security feature to work for everybody," says Joe Sullivan, Facebook's chief security officer, a former US federal prosecutor who previously worked at eBay for six years and joined the giant social network in 2008.

For many people working at their usual computer, a username and password is sufficient security. But for others, 2FA is desirable, he says. "It's like how I have a key lock on my front door, but I also have an alarm that I decide whether I set or not."

With Google and Hotmail, you can also set up two-factor authentication. With Yahoo Mail you can't - so avoid it in situations where you don't completely trust the network and computer that you're using. (You should not trust an internet cafe computer, on principle, still less open wireless networks in hotels, railway stations or elsewhere.)

One thing to note about two-factor authentication with all these services is that, firstly, you need a cell phone number, and secondly, you must set it up before you travel, or at least while you're on a trusted machine (which is none of the machines that you'll encounter while traveling).

Turning on two-factor

To enable two-factor authentication:

• On Google, it's found under the "Settings" tab at the upper right of the page. You have to set up 2FA on a trusted computer. (It's a good idea to have a printer at hand, so that you can print the list of backup codes that it provides for access in case your phone is lost or stolen.) You'll need a phone number to which the codes can be sent; a mobile is obviously ideal.

• In Hotmail, you must first add a mobile number on your Windows Live account overview page. (Again, you'll need to do this on a trusted computer first.) Then when you go to Hotmail or other Windows Live services, you can choose to receive a single-use code - a sequence of numbers sent by SMS to your mobile phone - to use instead of your password. Make sure you do. Single-use codes expire after about 15 minutes; make sure also that you log out of the account before leaving the machine.

• In Facebook, go to Account (top right) and then Account Settings. From there, select Security and then Login Approvals: this provides a tickbox, "Require me to enter a security code sent to my mobile". Again, you must enter your number.

Yahoo doesn't offer 2FA, which is a problem, because it puts your login information at risk. There is no way to add it either, and the Guardian has noted that a service called YToken, which a web page claims exists, in fact doesn't, because there wasn't enough demand for its owner to offer it.

If you need to access Yahoo emails while you're away, it's safest either to do it via a smartphone (with a Pin and phone lock) or set up a Hotmail or Gmail account which periodically logs in to the Yahoo account and shows you the email from it, and use more secure authentication with them.

Meanwhile, at Twitter

Twitter hasn't enabled two-factor authentication. "It is great and something to aspire towards," said Del Harvey, Twitter's head of Trust and Safety. "But the fact that it took Google this long, with the resources it has, says it's not easy."

In addition, many people use Twitter from their mobile phone - its 140-character updates mean that it's ideal for both smartphones and the simplest phones that send text only. (In a number of countries Twitter has an SMS number to which you can send updates.)

"We get a lot of people who contact us to tell us they've lost their phone, and we have to turn off their SMS updates," says Harvey. Implementing two-factor authentication, for people who lose their phone, "would mean we lock them out of their [Twitter] account on the web and also make it incredibly difficult for them to get started again".

Although she uses Gmail, and its two-factor authentication, Harvey knows that with a sufficiently large number of users, you'll eventually get a vast number who manage not to follow the instructions. "They've lost their phone, or they didn't write down the backup codes, or - in this case - they will have saved the backup codes, but they are on the phone and now they've lost the phone..."

Harvey's belief in human fallibility is touching, but well founded. "Users aren't likely to do things that make it harder to use their account," she says. Instead, Twitter has concentrated on adding simple security that prevents your data being "sniffed" over networks: connections to Twitter can now be made over a secure SSL link (shown by the https: prefix in the browser's address bar; if you're on what looks like a Twitter page but it doesn't have the prefix, end the session).

A Twitter spokesman said: "Users can turn on https. It's not on by default; we're working on that, though."

Building better password protection

This of course won't stop people guessing your password if it is weak - a word in a dictionary or a simple combination of letters and numbers. (Yes, many people use "abc123" as their password. It's not a secure password.)

You can check your password's strength at howsecureismypassword.net, which will tell you how long the average desktop PC would take to crack the password. It doesn't keep passwords and doesn't ask for a username, so you can trust it.

For "abc123" the answer is "This is one of the 500 most common passwords - you might want to change it". (For my personal Twitter account, the answer was "24,000 years".)

Facebook and Twitter screen out weak passwords: if you try to create an account with a weak password, or one that has been shown to be very widely used (as revealed after hackers breach sites and post big lists of user names and passwords), they will block it.

"If we see these massive stores of e-mails and passwords, we make sure we get to see the e-mails and passwords," says Facebook's Sullivan. "If we find that someone has the same email/password setup on Facebook, we change it, and force them to change it when they log on."
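A check of this kind, matching a leaked list against a site's own accounts without ever storing passwords in the clear, might look like the following. It is an added example, not Facebook's code: the `AccountStore` class, the `email:password` dump format and the PBKDF2 parameters are assumptions, and the sample dump is constructed. It goes slightly further than the quote by also showing the forced reset at the next login.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

# Constructed sample of a leaked "email:password" list (not real data).
SAMPLE_DUMP = """alice@example.com:abc123
BOB@example.com:hunter2
carol@example.com:letmein
not-a-valid-line
"""


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def parse_dump(text):
    """Yield (email, password) pairs; passwords may themselves contain ':'."""
    for line in text.splitlines():
        email, sep, password = line.partition(":")
        if sep and "@" in email:
            yield email.strip().lower(), password


class AccountStore:
    def __init__(self):
        self.accounts = {}  # email -> {"salt", "hash", "must_reset"}

    def create(self, email, password):
        salt = os.urandom(16)
        self.accounts[email.lower()] = {
            "salt": salt, "hash": hash_password(password, salt), "must_reset": False}

    def _matches(self, acct, password):
        return hmac.compare_digest(hash_password(password, acct["salt"]), acct["hash"])

    def flag_leaked(self, pairs):
        """Mark accounts whose current password equals the leaked one."""
        flagged = []
        for email, password in pairs:
            acct = self.accounts.get(email)
            if acct is not None and self._matches(acct, password):
                acct["must_reset"] = True
                flagged.append(email)
        return flagged

    def login(self, email, password):
        acct = self.accounts.get(email.lower())
        if acct is None or not self._matches(acct, password):
            return "denied"
        return "reset_required" if acct["must_reset"] else "ok"
```

Because each stored hash has its own salt, the leaked password has to be re-hashed per account; only addresses that actually have an account cost any work.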

Facebook's advantage is that it can also force people to prove their identity by showing them pictures of friends to identify - something that the real person will generally do well, and someone else won't.

Sullivan says that somewhere between 1% and 10% of passwords are the same between sites - which points to another problem: people using the same password across sites. It is the largest single source of security vulnerabilities, in addition to weak passwords.

The ideal is that you use a different password at every site - which can be done, if you're willing to get a little fancy. It's also good to use numbers and punctuation marks - these add complexity, and thus make passwords harder to crack.

In particular, if you use a different password at each site, then if by some misfortune your user name (often an e-mail address) is stolen along with your password from one (insecure) site, the automated tools that hackers use to try them on other sites (including Facebook, Gmail, Hotmail, Twitter, and Yahoo) will fail to get them in. That's a success - at least insofar as it stops you having a worse day, such as one where your account is hacked.

Charles Arthur

guardian.co.uk © Guardian News & Media Limited 2011 | Use of this content is subject to our Terms and Conditions

