You see stories in the news all the time where people and businesses are victims of a hacking attack. Improved security becomes even more important as we all begin using applications and services that allow us to access our data, both business and personal, from anywhere. That not-so-strong password you are currently using may seem OK when it protects something you only use internally at your home or office. But when those same applications and services can be accessed and used remotely, it becomes even more important to have a strong password.
What can you do to better protect yourself when your password is not so secure (or even if it is)? A great way to improve on the single layer of protection your password provides is to turn on a second layer. This is where two-factor authentication comes into play. Don’t let the wording scare you off; it is not that difficult to turn on and use.
A third party could know your password. But with 2-factor authentication turned on, they still won’t be able to get into your account. That’s because if you have enabled 2-factor or 2-step authentication on your account, just knowing your login password will not be enough to get into your account.
Anyone entering your correct password (including you) must also know a secondary unique code. The most common method for sending the secondary required code is to send it to your cell phone via text message. Without that secondary access code your account is still secure (not authenticated) and the system will not let you or a third party in. This makes it much harder to hack into your account(s).
In addition to the code being sent to your phone via text message, there are other two-factor methods that can be used as alternatives. For Google apps you can install the Google Authenticator app on your smartphone. The Google Authenticator app can also be used for some of the other services that use the Time-based One-time Password algorithm. Dropbox and Facebook are examples of these. Another convenient app for your phone is called Authy. It can help you with two-factor authentication for Dropbox, Gmail, Facebook, LastPass and Amazon. Some services will also allow you to use an actual physical security key (USB or NFC based) as a very secure alternative.
Some services that offer two-factor or two-step authentication are Dropbox, Box, Gmail, Google Apps, Microsoft, Twitter, LinkedIn, Evernote, Amazon and iCloud. You can find assistance with turning on two-factor authentication on the account/security page of each service.
As an example, let’s run through how to turn on two-step verification via text messages in Dropbox. Assuming you already have an account, you first need to log in on their website. Click on your name and choose “Settings” on the menu that drops down. On the next screen choose the “Security” tab. On this page under the Password area you will see “Two-step verification” listed. Choose “(click to enable)” to start the process of turning it on. Click “Get started”. For security purposes you will be asked to enter your password again. Choose “Use text messages” on the next screen. Enter your mobile number. On the next screen enter the 6-digit security code that was sent to your phone. On the next screen Dropbox will provide 10 one-time use backup codes (for when you may not have your phone). Write these down and store them in a safe place. Click to enable two-step verification. From now on, when you sign in to the Dropbox website or link a new device, you’ll need to enter a security code from your phone.