Password Management, Security & Authentication
Two Factor Authentication
Passwords, unfortunately, aren't as secure as they used to be, and if someone gets your password, they can access your account without any problem. Even having a strong password doesn't completely protect you. Two-factor authentication is one of the best things you can do to make sure your accounts don't get hacked.
Imagine losing access to your account and everything in it. When a bad guy steals your password, they could lock you out of your account, and then do some of the following:
- Go through – or even delete – all of your emails, contacts, photos, etc.
- Pretend to be you and send unwanted or harmful emails to your contacts
- Use your account to reset the passwords for your other accounts (banking, shopping, etc.)
It's easier than you think for someone to steal your password
Any of these common actions could put you at risk of having your password stolen:
- Using the same password on more than one site
- Downloading software from the Internet
- Clicking on links in email messages
2-Step Verification can help keep bad guys out, even if they have your password.
How it works
Two-factor authentication is a simple feature that asks for more than just your password. It requires both "something you know" (like a password) and "something you have" (like your phone). After you enter your password, you'll get a second code sent to your phone, and only after you enter it will you get into your account. Even if someone gets your password, they cannot change it because you need the other component: the text code sent to your phone. It's a lot more secure than a password (which is very hackable), and keeps unwanted snoopers out of your online accounts.
Where can you use it?
Many sites have recently implemented two factor authentication, Here are some services that support it.
- Google/Gmail: Google's two-factor verification sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with the Google Authenticator app for Android, iOS.
- LastPass: LastPass is one of the most important services to use with two factor authentication—since it stores all your other passwords. It uses the Google Authenticator app for Android, iOS, and BlackBerry, and you can read up on how to enable it here.
- Apple: Apple's two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine.
- Facebook: Facebook's two-factor authentication, called "Login Approvals," sends you a 6-digit code via text message when you attempt to log in from a new machine. It also works with apps like Google Authenticator for Android, iOS, as well as the "Code Generator" feature of the Facebook app. You can also authorize a new machine from Facebook.com on a saved machine if you don't have your phone handy. You can enable it here, or check out Facebook's blog for more info.
- Dropbox: Dropbox's two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine, though it also works with Google Authenticator and a few other similar authentication apps. You can enable it here, or check out Dropbox's documentation for more info.
- PayPal: PayPal's two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can read more about it and enable it here.
- Microsoft Accounts: Microsoft's two-factor authentication sends you a 7-digit code via text message or email when you attempt to log in from a new machine, though it also works with a number of authenticator apps. You can enable it here, or check out Microsoft's documentation for more info.
- Yahoo! Mail: Yahoo's two-factor authentication sends you a 6-digit code via text message when you attempt to log in from a new machine. You can enable it here, or check out About.com's article on the subject for more info.
Google 2 Step Verification
Google is an important to service in which to turn on two factor authentication as many Google services all use it: Gmail, Youtube, Google Maps, Google+ 2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they'd also have to get a hold of your phone.
How it works
- Enter your password. Whenever you sign in to Google you'll enter your username and password as usual.
- Enter a code from your phone.
- Then, you'll be asked for a code that will be sent to you via text, voice call, or the Google Authenticator mobile app. Keep it simple.
During sign in, you can tell Google not to ask for a code again on that particular computer. You'll still be covered, because you'll be asked for codes when you or anyone else tries to sign in to your account from other computers.
Apple Two-Step Verification
What is two-step verification for Apple ID?
Two-step verification is an optional security feature for your Apple ID. Two-step verification requires you to verify your identity using one of your devices before you can take any of these actions:
- Sign in to MyAppleID to manage your account
- Make an iTunes, App Store or iBooks purchase from a new device
- Get Apple ID related support from Apple
Turning on two-step verification reduces the possibility of someone accessing or making unauthorised changes to your account information at My Apple ID or making purchases using your account.
Why should I use two-step verification with my Apple ID?
Your Apple ID is the key to a lot of things you do with Apple, so it's important that only you have the ability to access your account details, update your password, or make other changes to your account. Two-step verification is a feature you can use to keep your Apple ID account as secure as possible.
How do I set up two-step verification?
1. Go to My Apple ID, select “Manage your Apple ID,” and sign in.
2. Select “Password and Security.”
3. Under Two-Step Verification, select Get Started and follow the onscreen instructions.
How does it work?
When you set up two-step verification, you register one or more trusted devices. A trusted device is a device you control that can receive 4-digit verification codes using either SMS or Find My iPhone. Then, any time you sign in to manage your Apple ID at My Apple ID or make an iTunes, App Store, or iBooks Store purchase from a new device, you'll need to verify your identity by entering both your password and a 4-digit verification code, as shown below.
After you sign in, you can manage your account or make purchases as usual. Without both your password and the verification code, access to your account will be denied.
You will also get a 14-digit Recovery Key for you to print and keep in a safe place. Use your Recovery Key to regain access to your account if you ever lose access to your devices or forget your password.