Monday, April 14, 2014

Securing your account with a password only? That’s not enough anymore - Use two-factor authentication

Using only a user ID and password to log in is an old method of securing your account (email, bank, Facebook, etc.). It has been reported numerous times that passwords can be stolen, leaked, cracked, captured, sniffed and guessed. Bad guys (maybe your own people with bad motives) are trying hard to get your password and get into your account to steal data, money, identity or photos.

You need to protect your account with something more than just a user ID and password. A strong password is not enough to protect your account; you need to go beyond that to make your account secure.

What is two-factor authentication?
In simple terms, you can think of two-factor authentication as "two locks" on your account. You need to open both locks before you get into your account, and to open two locks you of course need two separate keys.

Two-factor authentication is a security process in which you use your user ID and password plus a physical token. It's "something you know" and "something you have". E.g., if you wish to log in to your email account, your email ID and password are what "you know", and an additional short numeric code (verification code) that is available on your phone acts as what "you have".

Why two-factor authentication?
According to security research, two-factor authentication drastically reduces the risk of your account getting exposed or hacked by anyone. Anyone who knows your user ID and password now cannot open your account unless they enter the code, which only you have (on your phone or a physical token).

Banks, enterprises, and small/medium businesses started this early on, and now lots of online companies provide this feature to users for free to increase the level of security around your accounts. Your data and identity are just as important as your bank account, and you don’t wish to lose them.

Why can't anyone break into your account with two-factor authentication?
Adding a second lock to your account makes it hard for anyone to crack it. The numeric code is usually generated fresh every time and keeps changing. Anyone who has your user ID and password now also needs this numeric code to open your account, and they don’t have it (unless your phone/device is lost).

Here is a short video on two-factor / two-step authentication from Google.

Google Authenticator - An Android and iOS app to generate verification codes on your phone

  • Google provides a generic phone app for Android/iPhone that lets users set up and use two-factor authentication. Install "Google Authenticator" from Google Play and follow the steps to set it up.
  • Note that "Google Authenticator" is not just for your Google accounts; it's generic enough to help you set up two-factor authentication for numerous other websites too. A good example is LastPass, which integrates well with the Google app and keeps your LastPass master password/account safe.

Who provides two-factor authentication?
In addition to your bank, lots of companies on the web offer it: Google, Facebook, Microsoft, LastPass, Apple, Dropbox, Evernote, Yahoo, LinkedIn and many more. And this is all for free. So go and secure your account now.

Here are some services that support two-factor authentication, with instructions on how to enable it -

  • Google/Gmail - Google provides a six-digit verification code via SMS or the Google Authenticator app. You can enable it by following the steps from here -
  • LastPass - The most important service on which you should enable two-factor authentication. Here are the steps -
  • Facebook calls it "Login approvals" and provides a couple of ways to set it up. You can get the verification code via SMS, set up Google Authenticator, or use the Facebook app itself. See
  • For your favorite services apart from the above, search Google or have a look here -

Hope this helps to secure your accounts!
