Please enable 2-factor authentication (2FA) with your OpenID provider to make it harder for hackers to abuse your OpenID identity.
Note that many of these identity providers won't require the second factor of authentication when you log in over and over on the same computer.
Don't worry, a hacker who stole your password is still required to do the full 2FA. Unless they are logging in through your computer.
Don't depend on 2FA to "fix everything". You still need to keep your computer secure.
See Bruce Schneier's essay "Two-Factor Authentication: Too Little, Too Late" for more information:
https://www.schneier.com/essay-083.htmlThat said, 2FA *will* make you a harder target for hackers.
Below is information on how to enable 2FA with various OpenID identity providers.
Google - https://google.com
Google calls it "2-step verification". They have instructions on how to enable it here:
https://support.google.com/accounts/answer/180744?hl=en&rd=1The more you use your Google account for (Gmail, Google docs, etc.) the more important it is to enable this.
Yahoo - https://yahoo.com
Go to
https://edit.yahoo.com/commchannel/sec_chal_manage and turn on "second sign-in verification".
They will ask for your phone number and send you a code in an SMS. Get the code from your phone and give it to the website.
When you log in from a new computer Yahoo sends a code by SMS (text) to your cell phone.
You do not need a smart phone for this - there's no need to run an app.
There are also other useful settings at
https://edit.yahoo.com/config/eval_profile"Create a sign-in seal" helps to prevent hacker sites from posing as Yahoo to steal your password.
Verisign/Symantec - https://pip.verisignlabs.com
Open vip.symantec.com in the browser on your smart phone. Install Symantec's "VIP Access".
Log in to pip.verisignlabs.com and click "My account" in the navbar on the right.
Under "VIP Credential" click "Add credential". You will be asked for two tokens.
Start the "VIP Access" app on your smart phone and enter the two tokens in the "add credential" form.
From now on you will need a one-time token from your smart phone when you log in,
in addition to your user name and password.
There are also some other options you may want to look at. "OpenID sign in security", "browser certificate", "information card".
If you don't have a smart phone, you could use a browser certificate.
"OpenID sign in security" helps to prevent hacker sites from posing as Verisign to steal your password.
Steam - https://steamcommunity.com
Go to "Steam" -> "Settings" -> "Manage Steam Guard Account Security" in the Steam client. Turn on Steam Guard.
Steam will send you a one-time 5-digit token by email as a second factor when logging in from a new computer.
