Two-factor authentication is called that for a reason: you need more than just typing in your username and password. You also need something that you have on your person, rather than something that others can easily find out (like your mother’s maiden name or birth date). Both sites make use of texting a short string of numbers to your cell phone as part of the login process: once you set this up, as long as you have your phone nearby (and who doesn’t?), you can be sure that no one else can log in to your account.
Older forms of two-factor authentication used small key fobs that had a button. When you pressed the button, you got a code number that you typed in at the moment you were logging in. The number changed every 30 seconds or so, making it difficult to hack. Using a cell phone is much more convenient; the fobs were forgotten or lost.
Two-factor authentication has been around for a long time, and lately has gotten a black eye, thanks to the behavior of RSA, one of the leading companies in the market. Their SecurID system was compromised several months ago, and the company has been slow in getting the word out and replacing the fobs for its customers. As a result, several of its competitors have stepped forward and offered deals on replacements.
I’ve had a fob for my eBay/PayPal account for several years. I think it cost $10. You can still get them, although there are free alternatives available from Symantec’s Verisign Identity Protection program that can make use of your smartphone.
(Note: I did one of my sponsored screencast videos of the service for Symantec last year over at webinformant.tv.)
But even better is what Google and Facebook have put in place. If you have a Gmail account (but not a Google-hosted email account, sadly), you can get this set up in about 10 minutes. Go to your account’s personal settings, where you should see a menu item for two-factor authentication, and follow the instructions shown in their blog.
The problem is that adding two-factor to your Gmail account will create problems for other applications that access your account. If you use your smartphone or Outlook to access your email, you will need to set up these apps to handle the two-factor authentication. If you read your email on a tablet, ditto. So this may not be as easy as you first think.
Facebook has taken lots of (deserved) knocks on its security, and it also has implemented two-factor authentication lately. Go to Account/Account settings/Account Security and enter the information requested under the Login Approvals section, at least until they rearrange their menus and put it somewhere else.
Two-factor isn’t a panacea, and it does add an extra step. And as the folks at Lockheed found out, it isn’t flawless. But it does offer much better protection than straight username/password. If you use Google, Facebook, and PayPal, it is time to start using it.
I invite you to comment on this column on my http://strominator.com blog. Please also join me on Facebook.com/davidstrom, watch my video product reviews at http://webinformant.tv and follow me on Twitter @dstrom. To view a few of my presentations and to find out more about my speaking business, go to http://strom.com.