Two-factor or not two-factor — there is no question

aNewDomain.net – There are many sites where you probably use the same password. Adding two-factor authentication to as many sites that allow it will give you a necessary layer of protection in an age where hackers are working full time to gain access to user data. So even if your password is your dog’s birthday, your accounts are still protected.

Two-factor authentication is when you use your password in conjunction with something else – like generated passcode – to log into a website. Recently Google’s own Matt Cutts pleaded for users on his blog to enable two-factor authentication to be safe.

Sites like Google, Dropbox, Facebook, Paypal, Yahoo Mail, Microsoft, WordPress (with the help of a little plugin magic), and hopefully soon Twitter will all offer two-factor authentication to further protect user data. Two-Factor authentication would have been a good idea for Wired writer Mat Honan back when he had his run in with hackers over a three letter Twitter account they wanted. The AP/Twitter hack could have also been prevented had Twitter been using two-factor authentication.

Remember Firesheep? It was a Firefox plugin a while back that basically hijacked a users session, granting the hijacker basically full control of an account on Facebook, Twitter, and a few other social networks. The reason this worked? The social network sites were not using SSL by default. Guess what? After the Firesheep plugin came out and made it quite elementary to hijack a session, most, if not all of the sites affected forced SSL.

My point? Sometimes people and sites need to be hacked and exploited so those in charge realize there’s a problem. We know Twitter started putting together a team to work on two-factor authentication shortly after the AP news account was hacked.

I won’t explain how to enable two-factor authentication on your favorite sites, because there are already a ton of great How To’s online. All you need to do is Google how to enable two-factor authentication. Dropbox has a help page on how to enable it, and Google has a great app in the Play Store called Google Authenticator. This is the app I’m using, and it works perfectly with Google, Dropbox, and the WordPress two-factor authentication plugin. Microsoft also has its own authenticator if you live in the Windows Phone ecosystem.

Sites like Facebook, Dropbox, and even Google also support sending a text message in order to obtain the second factor number.

If you don’t want to use an app like Google Authenticator or the Facebook code generator, having a number sent via SMS is your next best option. Plus, when you enable this on Facebook for example, it will not only send you a text message with a security code when you try to login from a new computer, but you will also be notified if someone else is trying to get into your account. Of course, they shouldn’t be able to assume you follow proper password protocols, or that a hacker didn’t clone your cell phone when you were out of the room.

The bottom line? Sure, two-factor authentication adds another layer of security to your most-precious sites and data online. It’s also a pain when you start using multiple devices across multiple platforms. But that pain is quite minimal compared to getting your online life hacked and destroyed.

Losing control of your password is akin to losing your wallet, only worse. Most of the above sites don’t make it easy to contact a human being to get your problem fixed. It’s almost like you have to suck it up and start over. Either that, or operate your own cloud, where you store your own information, but even that can be vulnerable to attack or destruction. Two-factor authentication is our best option for now. A strong password is a great start, but even the best password is no substitute for two-factor authentication.

Based in Kalispell, Montana, Mat Lee is a Senior Editor and Podcaster at aNewDomain.net. Email Mat at [email protected] and follow him on Google+, where he is +Mat Lee

Mat Lee

Mat Lee

Contributor at Tech Page One
Based in Kalispell, Montana, Mat Lee is a Senior Editor and Podcaster at aNewDomain.net. Email Mat at [email protected]
Mat Lee
Tags: IT Security,Technology