June 4, 2013
Things move quickly in the computer world, but the humble password has been left behind. In a world of unlimited connectivity, we still base our security on a secret code – a code that is becoming increasingly easy to hack.
With “two-factor authentication”, some companies – including giants like Google, Facebook and Twitter – are trying to move the world’s most famous security technique into the 21st century. But what is it, and how does it keep you extra safe?
It’s easiest to think of two-factor authentication as just an extra security measure built on top of the existing password system. You’ll still need to use a typical username and password (although please don’t use an obvious password – that’s the worst thing for security).
The exact form of “two-factor authentication” varies from site to site, but most systems involve sending you a text message with a unique code that you are required to enter to log in, alongside your username and password.
Text messages are considered a safe medium for sending out the code, because even if hackers have managed to grab your password, it’s unlikely they’ve stolen your phone as well. If someone does steal your phone, you should change your passwords as soon as possible, whether or not you have two-factor authentication turned on.
We’ll run you through some examples of two-factor authentication from the Big 3 (Google, Facebook and Twitter) so you can see what the system looks like, and also tell you how to enable the extra security (don’t worry, it’s easy):
How to set up two-factor authentication for Twitter, Google and Facebook
How it works: After entering your username and password, you’ll be asked to enter a code that will be sent to you via text, voice call or a mobile app, depending on what’s best for you.
Once you’ve authenticated, you can then ask Google to remember that computer, so you don’t have to keep re-entering a code every time you log in. It still protects your account, however, because if any other computer tries to log in, it will need to send a code – which will go to your phone. Pretty safe, eh?
How to turn it on: It couldn’t be easier. Google has put together a very simple process at https://accounts.google.com/SmsAuthConfig.
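The flow described above (a one-time code sent to your phone after the password check, plus the option to remember a computer) looks roughly like this from the server's side. This is an added example, not Google's code or code from the original post; the names SecondFactor, CODE_TTL and MAX_ATTEMPTS, the 6-digit code and the 5-minute lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 5    # assumed: guesses allowed per issued code

class SecondFactor:
    """Server-side sketch: texted one-time codes plus remembered computers."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # user -> [code_hash, expires_at, attempts_left]
        self.trusted = {}   # user -> set of hashed device tokens

    @staticmethod
    def _h(value):
        return hashlib.sha256(value.encode()).hexdigest()

    def issue_code(self, user):
        """Called after the password check; returns the code to text to the user."""
        code = f"{secrets.randbelow(10**6):06d}"   # drawn from a CSPRNG
        self.pending[user] = [self._h(code), self.clock() + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify_code(self, user, submitted, remember=False):
        """Returns (ok, device_token). A code works once, then is discarded."""
        entry = self.pending.get(user)
        if entry is None:
            return False, None
        code_hash, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self.pending[user]                 # expired or guessed too often
            return False, None
        entry[2] -= 1
        if not hmac.compare_digest(code_hash, self._h(submitted)):
            return False, None
        del self.pending[user]                     # single use
        token = None
        if remember:
            token = secrets.token_urlsafe(32)      # value kept in a browser cookie
            self.trusted.setdefault(user, set()).add(self._h(token))
        return True, token

    def needs_code(self, user, device_token):
        """A remembered computer skips the code; any other one must enter it."""
        if not device_token:
            return True
        return self._h(device_token) not in self.trusted.get(user, set())
```

The attempt limit and expiry matter because a 6-digit code has only a million possible values; without them the code could simply be guessed.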
How it works: Twitter’s implementation is slightly worse than Google’s – you have to enter a code every time you log in. It also needs to generate a temporary password for mobile Twitter apps every time you log in, which is a bit of a pain. Finally, it only issues codes via SMS to mobile phones, so it doesn’t have the variety of options that Gmail does.
How to turn it on: Simply click on this link: https://twitter.com/settings/account and tick the box “Require a verification code when I sign in”. That’s it! You’re now set up, as long as you have a telephone number linked to your account.
How it works: Facebook will either send you an SMS message or you can use a downloadable app to provide you with a login code. You enter this code alongside your username and password. Easy.
How to turn it on: Simply log in to Facebook and visit https://www.facebook.com/settings?tab=security. Now turn on the Login Approvals feature. Facebook will guide you through the rest of the process – it’s even easier here than it is at Google.
And remember: if there’s one piece of security advice everyone agrees on (alongside ensuring you have antivirus software), it’s that two-factor authentication is the best way to alienate internet criminals.