What is two-factor authentication?
Tech Target defines it as, “Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know.” Many websites implement two-factor authentication by combining a username and password with a multi-digit code that the website sends to your phone. Many websites can also use authenticators such as Google’s Authenticator implementation of OATH, or Symantec’s VIP Access. To access a website that has been configured for two-factor authentication you need both pieces of information, as either one of them alone will do you no good.
This method adds an extra layer of security to all your accounts, as even if your password ends up being compromised the intruder will not be able to gain access to your account without the multi-digit code provided on your smart phone.
Another everyday example of how two-factor authentication works is the debit card and PIN combination. The debit card is something physical that you have, and the PIN is something that you know. To withdraw money from the ATM you need both pieces in order to complete the transaction. If you lose your debit card, anyone who finds it will not be able to just walk up to any ATM and remove money from your account. The same holds true if someone were to determine your PIN: without the card the transaction is again not possible. Furthermore, once you are aware that either has been lost or compromised, a quick call to the bank would invalidate either one or both forms of authentication and you would be provided with a new card and PIN, thus keeping your banking information secure.
Why should you have two-factor authentication?
You may be wondering why you should even bother going through the trouble, time, and effort to set up two-factor authentication on all the supported sites. Many feel that their information is not important enough to warrant the attention of a hacker. The issue with that line of reasoning is hackers tend to do things just to disrupt your life, and for the sole reason of “because they can.” I am sure you have seen or heard of others that have had their email accounts hacked, or one of the social media sites such as Facebook, Twitter, or LinkedIn. Having these accounts hacked and having someone post offensive material can be embarrassing and even damage your reputation. The small amount of time and difficulty that is required to set up two-factor authentication is greatly outweighed by the added security that you will then have on all your accounts.
What happens if I lose my smart phone?
As two-factor authentication generally uses your smart phone to provide the second layer, either in the form of a received text message or the use of authentication apps, you may wonder what would happen if you were to lose your smart phone. Would this not mean you would now be locked out of all your websites? Every website I have set up two-factor authentication with has provided me with a backup or restore key that you can use to get into your account if you find yourself without your phone, or in a location where your phone cannot receive a text message. The majority of the websites also make you verify that you have printed out your backup keys onto paper by making you enter one of those keys before letting you continue. These key codes are never to be stored on your computer, and should be filed away in a safe location where you can access them if ever needed. With these codes you could then log into your account and either disable two-factor authentication or reconfigure it to send your verification key to a new smart phone.
What websites support two-factor authentication?
There is quite a long list of websites at this time, and they are increasing as time goes on. Some of the more popular sites that many use day to day include:
- Apple ID
- Yahoo! Mail
This is nowhere near an exhaustive list; to see a very detailed list, be sure to visit the Two Factor Auth list.
How do I go about setting up two-factor authentication?
Each website listed above will provide step-by-step instructions on how to go about setting up two-factor authentication, as well as what method they support, whether that be Google Authenticator, Symantec VIP, a text message to your phone, or some other method. In my experience to date, I have seen that Battle.net uses its own authenticator that rotates a random 8-digit number every few seconds. eBay and PayPal can both be linked together and can use a number of different options. You can order your own credit-card-size authenticator from PayPal, configure the service to text the code to your smart phone, or use a third-party authenticator with their websites. I went the route of using the Symantec VIP authenticator; the method you decide to go with should be based on what works best for your situation. Apple has the option of sending you a text message, or broadcasting the code to any of your connected Apple devices, such as an iPad or iPhone. Dropbox, Google, WordPress, Evernote, and Facebook were all compatible with Google’s Authenticator.
The items in the list above are all clickable and will take you to the page that describes how to configure two-factor authentication for each service. I am including how to get started with Google for your convenience.
- Sign in to your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then clicking Account.
- At the top, click Security.
- In the Password box, click Setup next to “2-Step verification.” This will bring you to the 2-Step Verification settings page.
- You will then see a step-by-step guide which will help you through the setup process.
- Once you’re done, you’ll be taken to the 2-Step Verification settings page again. Be sure to review your settings and add backup phone numbers.
- You’re done! Next time you sign in, you’ll receive an SMS with a verification code.
How to proceed.
I know the task set before you is looking quite daunting, and you may be tempted to just shrug it off and continue as you have always been. However, I would suggest you secure your most sensitive sites as a start and go from there. This would include any financial site that supports the process, your web email accounts, your social media sites, and your Apple ID if you have one. Just think of the damage a hacker could do if they accessed your Apple ID, especially if you have Find my iPhone and Mac enabled on your devices. These feature an option to lock and remotely wipe these devices. It is always better to be safe than sorry in regards to computer security. While setting up all your accounts with this new method will take time, it is best to start now, and cover a few a day until they are all secured. The extra amount of effort that is required to access your account will be well worth the extra amount of security you will gain in the process, and you can sleep a little better at night knowing your digital life is that much more secured.