Two-step security requires the investment of time. Otherwise it’s free. By giving your online accounts an extra layer of security with two-step verification, you’re keeping the hackers out.
Here’s How It Works
With two-step verification, you need to input two things, your password and a one-time use code. Once you enable a particular personal device as safe, then you won’t need to do it again. You will use the two steps only on devices that are public or shared.
In order for people to access your account, they would have to know both your password and the special code. You get your special code by text on your phone after entering in your password. Once both password and code are entered, you get into your account.
Here’s Why It’s a Good Idea
By having something you know (password) and something you have (cell phone), your online accounts are not as hackable. Passwords are often not secure enough on their own, particularly if you use the same password for multiple accounts.
As if anyone would ever do that. As if we ever have to use the “forgot password” link, like, every other week.
Popular accounts that offer two-step verification include Google (Gmail, Drive, etc.), Twitter, Facebook, LinkedIn, WordPress, Dropbox, and Microsoft. Let me know if you use it for something not listed here.
Gmail, Google Drive, etc.
By far the most critical account to secure with two-step authentication is your email account. Why? As Jeff Attwood explains, your email account is “the skeleton key to your online identity.”
At some point, your email probably contained sensitive data that included credit card numbers, bank account information, medical documentation, and who knows what other personal stuff.
Google’s security system sends you a code in a text message whenever you log in from a new machine. Check out Google’s two-step verification and get started. The only issue I had was with my Apple laptop. For some reason, my Gmail worked only through the site and not through my Apple mail account.
I easily configured my iPhone by generating an application specific password. Once you have it, you enter it into your phone when you’re prompted upon opening each app.
Twitter walks you through its two-step verification here. By clicking on the gear icon, then settings, then security and privacy, you are able to enable log in verification requests to your cell phone. You’ll need to re-confirm your email address to begin this process.
Securing my Twitter account seemed like a good idea. After reading about Mat Honan’s attack, which focused around his Apple products and Twitter account, I didn’t hesitate to jump on board.
By going to Facebook’s security settings page, you can require a security code to access your account from unknown browsers. Facebook will text you a code that you enter in addition to your password.
Facebook’s blog gives you the rundown on its log in security feature here.
By hovering over your profile picture in the top right corner, you will see a drop down menu with privacy and settings. Click on this, and then click on the shield symbol with “account” next to it near the bottom left of the screen. Then click manage security settings and you will be taken to the page for two-step verification sign in.
By installing the Google Authenticator WordPress app on your smartphone, you enable a two-step authentication for Android, iPhone, and BlackBerry. Find the app and read more about this safety feature here.
Dropbox’s two-step authentication will send you a text message code when you attempt to log in from a new machine. Go to Dropbox security here, or check out Dropbox’s documentation for more info. If you want another layer of extra security, try TrueCrypt. Learn how to encrypt the contents of your Dropbox with this free open-source encryption software.
*Dropbox Update: TrueCrypt has been discontinued. Please see these free alternatives for disk encryption.
When you attempt to log in from a new machine, Microsoft’s two-factor authentication sends a code via email or text message. It also works with a number of authenticator apps. Find Microsoft’s account here.
The time it requires to input the codes is far less than the time – and potentially costly information – you could lose by having your account hacked.