Oh the joy of being online – more than 1 billion Yahoo accounts hacked, celebrities getting their photos stolen after falling victim to email schemes, login information for 167 million LinkedIn accounts was stolen – the list goes on and on.
Even if you follow my advice for creating secure passwords, there’s not much you can do when a site you use gets hacked – or is there? That’s where two-step (also called two-factor) authentication can help.
What is two-factor authentication? Basically, it’s requiring two pieces of information in order to login to an account. One piece of information is your password. The second piece is typically something only you have. This could be your cell phone, a pager or a specialized token that displays a unique code at regular intervals. (For a detailed explanation, check out this Wikipedia article.)
Still confused? Let’s look at an example using Facebook:
Normally, you log into Facebook with your email address or phone number and your password. If a hacker gets this information, they’re into your account pretty easily. But, if you set up two-factor authentication, Facebook won’t let you in with just your email/phone number and password. Facebook will send you a one-time use code via text message that you’ll have to enter before you can get into your account. (There are other ways to get a unique code, but let’s keep it simple for now.) Of course, if the hacker has your phone, you could still be in trouble, but you have secured your phone with a password too, right?
More and more websites are using two-factor authentication to help you protect your account. Many sites are smart enough to publicize this and encourage you to use it. You can also search the Two Factor Auth web site for a list of sites that support two-factor.
This extra security is very easy to set up and can protect you from being hacked. The only reason you shouldn’t set it up is if you don’t have a cell phone, although some sites have ways to do this that don’t require a cell phone.
I’ll stop talking now so you can go set this up on your accounts. Feel free to ask questions in the comments.