Q: What exactly is 2-factor authentication and how do I use it?
A: In my previous post, I outlined the steps everyone should take to protect themselves from password thieves that included using 2-factor authentication.
It should be fairly evident that internet security breaches are a fact of digital life, so we all need to have a different mindset when it comes to our passwords: they are going to be compromised.
Anyone that uses a credit card has experienced fraud alerts and the process of getting a replacement card when a fraudulent transaction has been made. It’s not uncommon to have to replace your credit card once or twice a year these days, but we take it in stride and move on.
If you assume (and you should) that your passwords are going to be compromised, take some steps to protect yourself so you’ll know what to do when it happens.
Just as you have fraud alerts setup for your credit cards and bank accounts, you can do the same with just about every online service you use by activating 2-factor authentication.
Think of it as a double lock combined with an alert system when someone attempts to use your passwords.
The two factors are something you know (your username and password) and something you have (your phone) to prove that you are the rightful owner of an account.
Some online services refer to it as 2-step verification or multiple-step validation, but regardless of what they call it, they generally work the same way.
To activate the feature, you enter the phone number of the device you want security codes sent to when logging in from unknown devices.
Once that’s in place, the first time you log into the account from your computer, smartphone or tablet, you will be asked for a special code that gets sent to your phone as a text message.
When you’re using devices you own, you can tell the site to remember so you don’t have to go through the 2-step validation every time. If you use more than one browser on your computer, you’ll need to go through the process with each browser. If you delete your cookies, you'll be asked to type in the special code again.
Once it’s setup, even if a hacker acquires your username and password, they won’t be able to access your account because they don’t have your phone in their hand.
The best part of using 2-factor authentication is that it automatically becomes a fraud alert system when someone has your username and password.
For example, if you get a text message out of the blue saying here’s your access code, you’ll know that someone has acquired your username and password and is trying to use them.
You’ll also know that they can’t get in without your phone, so you can simply change your password when you get home to prevent future issues.
Just about every major online e-mail service, social network, financial institution and retailer has begun to offer 2-factor authentication as a feature, but it’s up to you to set it up.
The exact steps for setting up each account will differ, so I’ve posted the links to directions for the most popular services here.
If you’re looking for directions for a site that’s not on the list, let me know!