Passwords are not as secure as they used to be. Unwanted cyber snoopers with enough determination can identify even the strongest passwords. And if you are one of those people who uses the same password on all of your accounts to save your own brain power, then you are even more vulnerable.
So, what to do? Use two-step verification, also called two-factor authentication or 2FA. Google was the first Internet company to use this on its accounts, such as Gmail, and now major companies like Apple, LinkedIn, PayPal, Twitter, Microsoft, Facebook, Amazon and Yahoo (to name a few) have set up this process.
First you sign in with something you know – your user ID and your password. Then you will be prompted to enter a numeric code that was sent to your smartphone. So, even if the cyber sleuth has your password, they also need your phone, which receives the numeric code, to complete the sign-in process. This is the same technology that ATMs use: something you know – your PIN – and something you have – your encrypted ATM card.
Now, it is not always easy to set up 2FA on all of your accounts. But it is important. Your customer data and banking information are vulnerable, and having them hacked or stolen could mean the end of your business. Here is how some of the major services handle it:
- Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine.
- Google: Google’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with the Google Authenticator app for Android, iOS, and BlackBerry.
- Facebook: Facebook’s two-factor authentication, called “Login Approvals,” sends you a 6-digit code via text message when you attempt to log in from a new machine. It also works with apps like Google Authenticator for Android, iOS, and BlackBerry, as well as the “Code Generator” feature of the Facebook app. You can also authorize a new machine from Facebook.com on a saved machine if you don’t have your phone handy.
- Twitter: Twitter’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine.
- Dropbox: Dropbox’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with Google Authenticator and a few other similar authentication apps. It would also be a good idea to encrypt your Dropbox contents with a program called TrueCrypt (http://truecrypt.org). This is free open source software that encrypts your data.
- PayPal: PayPal’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine.
- Microsoft Accounts: Microsoft’s two-factor authentication sends you a 7-digit code via text message or email when you attempt to log in from a new machine, though it also works with a number of authenticator apps.
- Yahoo! Mail: Yahoo’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine.
- Amazon Web Services: Amazon’s web services, like Amazon S3 or Glacier storage, support two-factor authentication via authenticator apps, like the Google Authenticator app for Android, iOS, and BlackBerry. It also supports Windows Phone via the Authenticator app.
- LinkedIn: LinkedIn’s two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine.
This list is by no means complete. For a more complete listing and details for enabling 2FA, try Evan Hahn’s more exhaustive list: http://evanhahn.com/2fa/.
This sounds like a lot of work – but isn’t your business worth it? Wasn’t it a lot of work to set it up and get it to this point? And, this can’t be stated strongly enough – you should also make sure you use a unique, secure password for each of your accounts, so if you don’t, now’s a good time to change that.