Skip to main content

Securing your account with password only? That’s not enough anymore - Use two-factor authentication

Using userID and password only to login to your account is old method to ensure security to your account(email, bank, facebook, etc.). It has been reported numerous times that passwords can be stolen, leaked, cracked, captured, sniffed & guessed. Bad guys (may be your own people with bad motives) are trying hard to get your password and get into your account to steal data/money/identity/photos.

You need to protect your account with something more than just UserID and password. Strong password is not enough to protect your account and you need to go beyond that to make your account secure.

What is two factor authentication ?
In simple terms you can consider two factor authentication as "Two Locks" for your account. You need to open both the locks before your get into your account. And to open two locks you of course need two separate keys.

Two factor authentication is security process in which you use your userID+Password and physical token. Its "something you know" and "Something you have". E.g. If you wish to login to your email account, your emailID & password is what "You know" and an addition short numeric code(Verification code) that is available on your phone which acts as "You have".




Why two factor authentication?
According to security research, two factor authentication drastically reduces the risk of your account getting exposed or hacked by anyone. Anyone who knows your userID+Password, now cannot open your account unless they enter the code which only you have it(on phone or physical).

Banks, enterprise business, and small/medium business already got this started early on and now lots of online companies provide this feature for free to users to increase level of security around your accounts. Your data & identity is equally important as your bank account, which you don’t wish to loose.

Why anyone cant break into your account with two factor authentication ?
By adding a second lock to your account it gets hard for anyone to crack your account. Numeric code is usually generated every time and it keeps changing. Anyone who has your userID & password also now needs this numeric code to open your account and that’s not with them(unless your phone/device is lost).

Here is a short video on Two factor / Two step authentication from google.



Google Authenticator - An Android and iOS app to generate verification codes on your phone

  • Google provides a generic phone app on android/iPhone for users to setup and use two factor authentication. Install "Google authenticator" from Google Play and follow steps to setup.
  • Note that 'Google Authenticator' is not just for your google accounts, its generic enough to help you setup two-factor authentication for numerous other websites too. A good example here is "Lastpass" which integrates well with Google app and makes your master password/account in Lastpass safe.



Who all provides two factor authentication?
In addition to your bank, lots of companies on web offer it. Google, Facebook, Microsoft, Lastpass, Apple, Dropbox, Evernote, Yahoo, Linkedin and many more. And this is all for free. So go and secure your account now.

Here are some services that support two-factory authentication, with instructions on how to enable it -

  • Google/Gmail - Google provides six digit verification code via sms or by Google authenticator app.  You can enable it by following steps from here - http://accounts.google.com/SmsAuthConfig
  • LastPass - Most important service that you should enable two factor authentication. Here are steps - https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/google-authenticator/
  • Facebook calls it as 'Login approvals' and provides couple of ways to setup. You can get verification code via sms or setup google authenticator or via facebook app itself. See https://www.facebook.com/settings?tab=security
  • For your favorite services apart from above search google or have a look here - http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two-factor-authentication-right-now

Hope this helps to secure your accounts!

Comments

Popular posts from this blog

Malls track your visits by Wi-Fi tracking

How does Wi-Fi works ? 
Wi-Fi is preferred wireless way of internet connectivity on mobile devices. We connect to Wi-Fi at home/office/cafe/Hotels and public places to get fast internet connectivity and do all stuff using it. Usage of Wi-Fi has spread fast with smartphones/tablets as compared to laptops couple of years back.

Wi-Fi uses network name (SSID) and shared-password to connect and that makes it easy for users to get internet without much hassle. Once you connect to a network, your mobile device remembers the network and tries to auto-connect to it whenever its available.

Mobile devices store all this Wi-Fi network info and use to auto-connect on periodic basis so as to provide preferred connectivity; and all that happens behind the scene. May be its your android/iphone/blackberry/windows phone/tablet all work same way. Your phone tries to connect to Wi-Fi automatically.

You can see list of Wi-Fi networks connected by your device going to settings > WiFi




What is Wi-Fi track…

Your Privacy is Fuxxked up!

What is Online Privacy and why anyone should care about it  online? 

Online Privacy is about you and personal privacy concerning your data the way its stored and used by third-parties, and displaying that via internet.

With internet age, your data is captured every moment with what you do online and is available for companies to use and share with others without you noticing it and that's the reason why you should care. Your identity and data is not only yours anymore.




Google the web king:  
Every google search you do after login to google is stored. Google exactly know what kind of info you are looking for and what was your search history which it can relate and then show new results. Search done on webpage/tablet will also show up on phone and vice-versa.

If you have android then you can also see that "Google Now" will show related blogs/articles around your search. E.g. if you search for a name of place then few minutes later you will see a short map with time to trav…

Encrypt personal data with TrueCrypt

WARNING - TrueCrypt has stopped development and issued security warning. Please don't use TrueCrpt. Maintaining this blog for historical purposes. Updated 29th May 2014. 
-----------------------------------------------------------------------------------------------------------

You got personal data or photos that you don't want anyone to see ? Got confidential files in your external-HDD/Pendrive and want to share it with your friends?  Or want to create a secure vault to store sensitive data ?  Answer is TrueCrypt

TrueCrypt is Open-Source, free disk encryption software available for Windows/Mac & Linux. http://www.truecrypt.org/



Main features -

Create virtual disk within the real hard drive - You can create a vault and lock it using a password. You can then see all files within it with passwordEncrypts entire hard-disk or pen-drive. If your laptop is stolen or you lose pendrive with data then no one can read the content and see your files
Encryption is automatic and thus you…