With the rise of password theft and account hacking all over the Internet today, we need better ways to stay safe. Thankfully, two-factor authentication (sometimes called two-step verification or abbreviated 2FA) is here, and it’s critical for securing your online accounts. Here’s why: Even if someone discovers your password, they still won’t be able to log into your account.
I use two-factor authentication as much as possible. Passwords are a mess, and two-factor authentication helps them be more secure without too much inconvenience. You can even use two-factor authentication to secure a password database stored in LastPass or some other password managers. This is a critical security feature that helps me feel much safer about storing such sensitive data with LastPass.
How It Works
When you log into an account secured with two-factor authentication, you’ll be prompted for two things — your password and a special time-limited code. This code may be generated by an app running on your smartphone that displays a new code every 30 seconds or sent to your phone as a text message. It’s even possible that your bank might offer a physical device that generates a special code for you when you press a button.
This will take a few extra seconds when you log into your accounts, but it won’t be much of an inconvenience at all after you’ve logged in. It’s a much larger barrier to people who are trying to gain unauthorized access to your accounts — even if they have your password, that’s not enough. Usually, they’ll need your phone as well.
Enable Two-Factor Authentication
Many web sites now offer two-factor authentication, but they all work a bit differently. Google, Microsoft, Apple, Yahoo!, Twitter, Facebook, LinkedIn, Dropbox, Evernote, PayPal, LastPass — two-factor authentication is offered all over the place to help secure your email, private messages, files, and other data.
You can generally perform a web search with the name of a service and “two factor” to see if it supports two-factor authentication and find instructions for setting it up. The Two Factor Auth List website offers a comprehensive list of services offering this security feature.
Don’t Get Locked Out!
The whole point of two-factor authentication is locking people out unless they have a special smartphone app, phone number, or even a physical hardware device. But what if you lose your authentication method?
Never fear — most sites provide you with a way to log in anyway. Some offer printable backup codes, which you can leave someplace secure. These are one-time-use codes, so they can’t be used to log in again even if someone looks over your shoulder and copies down the code.
The service may also be able to contact you with an SMS message or phone call at a backup phone number you provide ahead of time. Other services offer a recovery email address or a form you have to enter personal information into. Be sure to set this stuff up ahead of time and think about how you’ll get into your account if you ever lose your authentication method.
Now get out there and enable two-step verification for your most important accounts. The next time a Heartbleed-style bug hits the entire web, someone sees you type your password, or your computer is hit with a keylogger, your important accounts will remain secure. Miscreants will need more than just a password to get in!