In my article “How can I manage the password mess?” I discussed coming up with a better password process and using a Password Manager. This time I’m going to discuss how to reduce your risk in general – regardless of the password approach you take.
Password security tips:
The approach is referred to as “Two Factor Authentication” (sometimes abbreviated as 2FA). Two Factor Authentication means you are required to prove who you are by providing your password (factor #1) and something else (factor #2). Someone who gets your password (regardless of how they got it) won’t be able to provide the second factor – so they can’t access your account.
The most common way currently for sites to utilize two factor authentication is by sending a text to your phone with a code for you to enter as part of the login process.
Some of the other most common factor #2’s include:
- Code provided via automated voice call to your pre-defined phone number
- Code emailed to predefined address
- Hardware device with multi-digit number which changes every 30-60 seconds
- Phone app with multi-digit number which changes every 30-60 seconds (my favorite!)
- USB “key” which provides long security key
I think a non-technical example will be helpful to better understand Two Factor Authentication. When you make a withdrawal from an ATM you need to have your ATM card (factor #1) and your PIN (factor #2). If someone has only one of those items – they can’t make a withdrawal.
Each of these methods has its pros and cons – but all are dramatically safer than not using two factor authentication at all. Just so you can be prepared and well informed, know that the industry is moving away from using texts as the second factor. The reason is that an increasing number of “evil doers” are starting to grab the texts as they are sent to you.
Here are links to enable two factor authentication for some sites and services you probably use regularly:
You should also definitely turn it on for your personal email provider – as it’s VERY common for someone to gain access to your personal email and then use that to gain access to lots of your other accounts. Here are the links for the most common email providers:
This is a constantly evolving challenge. Please feel free to reach out for more info or any feedback and we’ll help/update as needed.