Protect yourself and your business with two-factor authentication
It makes the news a few times a month — a huge security breach and passwords on the loose. That’s why it’s important to make sure you stay on top of your passwords.
The easiest way to protect your passwords is to use a different strong password for every site. A password management plugin makes this practical; we use the free LastPass browser plugin.
But sometimes, that’s not even enough. Take, for example, Wired writer Mat Honan’s horror story.
“In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”
Honan said the hackers were able to do all that – just by getting access to his Gmail account.
“In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc.”
What is two-factor authentication?
Two-factor authentication simply adds an extra step to the sign-in process. In Google’s case, it uses your cell phone to prove that it’s actually you logging in.
“In addition to your username and password, you’ll enter a code that Google will send you via text or voice message upon signing in.”
It’s pretty simple and straightforward, and as Google explains, it works quite well.
“2-step verification drastically reduces the chances of having the personal information in your Google account stolen by someone else. Why? Because hackers would have to not only get your password and your username, they’d have to get a hold of your phone.”
How do I turn on two-factor authentication in Gmail?
You can turn on two-factor authentication in just seconds. Jeff Atwood has put together a quick step-by-step guide with pictures. It’s just a matter of going to your Google account settings, changing the setting under “Security,” and then entering a verification code from your phone.
What if my phone runs out of battery?
Google’s made it easy to work around a dead or lost phone. When you set up two-factor authentication, you have the option to print a list of emergency backup codes. Keep them in your wallet, and you always have a way into your Gmail account.
There are a lot of good reasons to turn on two-factor authentication now, and there aren’t many drawbacks.
If you have any other concerns, Google engineer Matt Cutts has put together a great list dispelling myths about the service.