A password is not enough to keep your accounts safe—take some extra precautions so that if the site you’re on gets hacked, your data isn’t lost.
If you’ve followed technology news in recent months, you will have seen the hacking of popular online services making headlines frequently. There have been frequent mishits at Twitter since January; Microsoft, Apple and Facebook admitted to being victims of hackers in February; Evernote’s 50 million accounts were compromised in March; and LivingSocial was attacked in April.
To counter the growing threat, all the major online services and technology companies are now adopting two-factor authentication (TFA, T-FA, or 2FA), which requires the presentation of two or more of three authentication factors:
· Knowledge: Something the user knows; for example, password, personal identification number (PIN), pattern.
· Possession: Something the user has; for example, ATM card, smart card, mobile phone.
· Inherence: Something the user is; for example, biometric characteristics such as a fingerprint.
TFA is not a new concept; it has been used for financial and government systems for a long time. More recently, consumer services have started to adopt it. For instance, when a bank customer visits an ATM, s/he uses the ATM card (something s/he has) and follows it up by entering a PIN (something s/he knows) to corroborate credentials.
As of now, you can’t use TFA everywhere on the Web, but services like Google, LastPass, Facebook, Dropbox, WordPress and Microsoft now offer it. So check your account settings and opt for it—it’s not mandatory yet. TFA requires user participation and adds an extra step, so it tends to be less popular.
Eve Maler, a principal analyst serving security and risk professionals at the global research and advisory firm Forrester Research, believes it’s only a matter of time before TFA is accepted and adopted by mainstream users. On her blog on the Forrester website, she writes: “The writing is on the wall. What was once anathema is going to be unilaterally required by online service providers—and accepted by users—within a couple of years, at least for especially sensitive operations. The only type of security education that really works is the school of hard knocks. Breaches that expose passwords are massive, frequent, and newsmaking events these days. Once enough ‘low-information’ consumers find themselves undergoing account recovery and password change processes due to breaches, strong auth will seem like a much better idea.”
If you cannot receive text messages on your mobile phone (not all countries might be supported by the service, for example), you can use authenticator apps. These apps can also be useful if you’re not near your phone, but have your tablet or iPod handy, and work with most TFA implementations:
· Google Authenticator — Android/BlackBerry/iOS
· Authenticator — Windows Phone
How to opt for TFA
· Sign in to your Google Account settings page by clicking on your name or picture on the upper right corner of the screen and then clicking Account.
· On the left tab, click Security and then Settings under 2-step verification. This will bring you to the 2-step verification settings page.
· Visit your account settings page.
· Under Account security, select “Require a verification code when I sign in”.
· Click on the link to add a phone and follow the prompts. This doesn’t work with all Indian providers yet, so Vodafone users, for example, will have to wait for now.
· Login approvals is a TFA system that requires you to enter a code Facebook sends to your mobile phone via text message whenever you log into it from a new or unrecognized computer.
· Once you have entered this security code, you’ll have the option to save the MAC (machine address code) of the device you’re using to access Facebook to your Facebook account, so that you don’t encounter this during future logins.
· Under Password and security info, click Edit security info.
· Check your phone or, alternatively, email for the code, enter it, and click Submit.
· Under two-step verification, click “Set up two-step verification”.
· Click Next, and then follow the instructions.
· Sign in to the Dropbox website, and click on your name from the upper-right of any page to open your account menu.
· Click Settings from the account menu and select the Security tab.
· Under the Account sign-in section, next to Two-step verification, the tab will read “disabled (change)”. Click on “change” to enable the function.
· Once you’ve enabled two-step verification, you can choose to receive your security codes by text message or use a mobile app for the same.
· The Google Authenticator plug-in for WordPress gives you two-factor authentication using the Google Authenticator app on your smartphone.
· The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.
· On My Apple ID page, select Manage your Apple ID and sign in.
· Select Password and Security.
· Under Two-Step Verification, select Get Started and follow the instructions on screen.