Malicious hackers are targeting usernames and passwords with growing success. Hijacked email accounts are common. If it hasn’t happened to you, you know a friend who has been affected. High-profile Twitter accounts are hijacked regularly. There’s a way to protect yourself, and it will truly be a pain in the butt.
It’s two-factor (or two-step) authentication. And the three top Web-based email services from Microsoft, Google, and Yahoo! have each implemented this type of heightened security, and it’s a feature you should seriously consider switching on. Other popular services are adding these security measures, as well. So seek it out for all your online accounts.
The benefit is clear: To gain access to an account, you must have the password and a code the service makes available to you when you need it. So it’s something you know (the password), and something you have (a smartphone that receives the code). The chances of a malicious hacker having both of these things is very low.
The pain is also clear: You’re going to need to prove you’re you fairly regularly. Especially the first time you log in from a new computer or device.
I like to focus Ferocious Tech on ways to simplify living with your technology. This article goes against that grain, but this topic is vitally important. It would be much easier to simply walk through the front door of your home, but you have a lock on the door that sometimes makes walking through it more difficult for the sake of security. This is absolutely no different.
Kinds of Second-Step Authentication
On Demand Codes. These are multi-character codes that are sent to your phone via SMS text or a second, validated email address. When you attempt to log in from a device the service does not recognize, the code is automatically sent. So if you’re a hacker, you’re dead in the water. If you’re you, then you have to get the code and enter it to gain access. Just like the key to your front door.
Personally, I use Google’s Authenticator app on my iPhone to access both Google and Microsoft email accounts. It works just fine.
App-Specific Codes. After you set up the two-factor authentication for an account, accessing it the next time from your mobile device will likely require some attention. Google provides app-specific codes for your mobile devices to use, so that the built-in mail and calendar apps can continue to work with their services.
How Do I Do It?
I’m not going to step through the processes to enable two-factor security on your accounts. There are several excellent tutorials on the Web, so I will point you to perfection rather than create mediocrity.
Read the articles below and take the time to implement these security features. They will step you through the processes for Microsoft, Google, Yahoo!, Facebook, DropBox, and LastPass.
Best of luck to you!