Hi all! In this post I want to talk about a powerful yet underused tool that you can use to increase the protection of your online accounts and the data you store on them. It’s called 2-Factor Authentication. It’s not available for most websites that you have a username and password for but it is for some of the most popular ones. This is something you should enable if you store sensitive data on online accounts that support this feature. Here’s how it works:
Normally when you log on to a website like Facebook or your Gmail account you are asked for a username and password. If a hacker wanted to get into your accounts, all they would need to do is find a way to either obtain your password or reset it and they can get in. With 2-Factor Auth you are also asked for a code that is sent to your phone to unlock your accounts. 2-Factor Auth systems can either send you a text message with the code or you can open an app like Google Authenticator or Authy on your iPhone or Android phone to get a code. With 2-Factor Auth enabled hackers will need your password and your cell phone to gain access to your account. Since we pretty much never have our phones leave our sights nowadays, it makes it virtually impossible for a stranger to hack your account. Here are some sites that support 2-Factor Auth, many of these sites allow you to store sensitive data on them making it very important and useful to have activated:
- LastPass (Password Manager)
- OpenDNS (Web Filtering Solution)
- Stripe (Credit Card Payment Processor)
- Mailchimp (Email Marketing)
- Namecheap (Domain Name Registrar)
- Etsy (Craft Marketplace)
So you are probably wondering, will I have to enter my 2-Factor code each time I log in? It varies with each service but most of them will either have you enter the code each time or each time you log in on a new computer. Some sites such as Google even allow you to skip entering a code for 30 days so logging in is a bit easier. Keep in mind though that you should never enable this option when you are using a public computer since any one who can get your password only needs to use that computer to bypass the 2-Factor Auth.
Ok great, so how do I enable 2-Factor Auth? The easiest way is to check your Security Settings on the web service you would like to secure and look for a 2-Factor Authentication or 2-Step Verification option and turn it on. In most cases you will be asked for your cell phone number and you will get a text with your first code. If your service supports Google Authenticator or Authy, you will be given instructions to install one of those apps on your phone to set up the feature. If you want to use an app, I personally recommend Authy as it can set up site that are supported on itself and on Google Authenticator in one app. Authy is also nice because it can sync authentication codes on other devices and backup your codes in case you lose or switch your phones.
I would love to give you more in depth instructions on how to enable 2-Factor Auth for each site but that would make for an extremely long blog post. So my recommendation is to check your sites for the feature and see if you can get it to work. The process for each is usually pretty quick and easy. If you need help though, you can always contact me by clicking the button below.