Categories

Blog

Two-Step Verification

  |   Information Security, Insights   |   No comment

stock-photo-112483-footprintsWe’ve often heard people wonder if they really need to be concerned about online security.

Sure, if you’re a government entity, or some other form of organization that houses personal data, it’s a clear necessity, but what about those of us who more or less go about our day without the kind of data that hackers might be interested in mining? For anyone who thinks they have nothing online worth stealing, we would like to share the story of a friend we’ll call Eric.

One morning, not too long ago, Eric received a call from a concerned friend. A message had gone out to all of Eric’s friends on Facebook, unbeknownst to him, explaining that he was in dire trouble and needed to borrow $1500. A hacker had accessed his account and was mining his relationships for quick cash.

Thankfully Eric was able to shut down his account and prevent any friends from sending money, but damage had been done to his reputation.

The truth is, we all have hard-drives worth hacking and there are always individuals willing to take advantage of weak security.

One of the latest developments in online security is called Two-Step Verification, or sometimes Two-Factor Authentication.

The basic idea is that you tell a given website – Google, for instance – that you want to use Two-Step Verification by following the instructions provided on their website (find Google’s instructions here). From then on, whenever you log in to Google, a text will be sent to your phone with a security code. You must enter that code as a second step to your login.

This may sound like a pain, but you can easily simplify the process. If you always use the same computer you can tell the site to remember you, and you won’t have to enter the second code again unless you log in from another device. You can also set up the program to remember your mobile devices, such as phones and tablets.

Should someone attempt to access your account from a computer that is not yours, they will need your cell phone to receive the additional, second-step password. Should your cell phone be stolen or lost, you can log in from your usual computer and easily revoke permissions associated with the phone.

In a day and age when we almost all have our phones with us at all times, this is a fairly simple way to beef up online security.

Two-Step Verification is offered by Facebook, Dropbox, Microsoft billing, Amazon Web Services and others. If you happen to host a website yourself, through WordPress or Drupal, you can even set it up for your own site.

We strongly encourage our clients to take five minutes to set up Two-Step Verification. A little time invested now can save a world of trouble down the line.

No Comments

Post A Comment