Given the number of high-profile data hacks that we hear about almost every day, using two-factor authentication (2FA) is no longer just an “option”. It's a requirement if you are serious about your security online.
What got me thinking of this was an article I read, showing that even security professionals are getting caught out by simply forgetting to keep up with today’s best practices in online security. The modern “best practice” they forgot to use was 2 Factor Authentication (2FA). If they hadn’t forgotten to use 2FA on their DNS account the whole hack would never have worked. I’ve linked to the article at the end of this post.
2FA is a way of adding additional security on your online account. The first “factor” is your usual “password”. In the modern world we live in, your “password” can actually be your thumb print, a retina scan, a specific speech pattern or even facial recognition data. Any of these things can be used as the first factor for proving your rights to access the online account.
The second factor in this scenario is an ever-changing random code that is retrieved from an external device. The most common devices today for generating these codes are smartphones. In the past, the codes came from standalone devices referred to as token generators. The technical name for this 2FA methodology is “Time-based One-time Password Algorithm”.
There’s An App For It
You don’t have to be a security professional, or even have a computer science degree to do this stuff. Because there’s an app for it. It doesn’t matter what device you use, Apple, Android, Blackberry, Microsoft, whatever…
I suggest you use the Google Authenticator app. It's what I use as my 2FA method on all of my personal and business online resources. Like any other app it is super-easy to install on any smartphone or tablet.
The app creates an ever-changing random code that is used to verify your identity when you log into various online resources.
Worried that you might have your device stolen or lose it?
Don’t worry, someone else thought of that too. Most online services also let you print out or download “emergency codes/tokens” that you can use if you should lose your smartphone or tablet. Just be sure to keep them somewhere safe, like in a real safe, or a safety deposit box.
If your online service doesn’t offer 2FA sign on, I honestly recommend you stop using that service.
If you want to get the Google Authenticator app for yourself, search your app store for “Google Authenticator” or use the links below.
For Android devices go to:
Android Google Authenticator
For iOS devices go to:
iOS Google Authenticator
The article that got this post started: Hackers take control of security firm’s domain, steal secret data.