Two-Factor Authentication

Earlier this month, Evernote, a very handy web application, was hacked, forcing them to have all their users reset their passwords. This is far from the first time I’ve found myself in this situation. Currently, I have about eighty sites that have passwords. Managing them can be challenging. Some sites, like Gmail, are holding fairly critical data for me, so reducing the risk is important.

Fortunately, two-factor authentication is becoming more common. The notion is that, to access an account, you need two things: something you know, and something you have. You already use this at an ATM: you swipe your card (something you have), then type in your PIN (something you know).

For enterprise environments, RSA makes a key fob that generates numbers based on an algorithm. The server knows how the algorithm is seeded for each key, so it “knows” what number is displayed at a given moment. To get into a system that uses it, you need to type the number on the fob (something you have), along with a PIN that only you know (something you know). However, getting consumers using free cloud services to buy RSA fobs seems unlikely.
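As an added illustration (not part of the original post, and not RSA's proprietary algorithm), the sketch below uses the open RFC 6238 time-based scheme to show how a server holding the same seed can recompute the fob's number and require it together with a PIN. The account record, PIN, salt and function names are assumptions made for the example.

```python
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds each displayed number stays valid


def fob_code(seed, at, digits=6):
    """Number shown at Unix time `at` (RFC 6238 TOTP, HMAC-SHA1)."""
    counter = int(at) // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pin_hash(pin, salt):
    """Salted, slow hash so the server never stores the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def new_account(seed, pin, salt):
    """Server-side record: the fob's seed, a salted PIN hash, replay marker."""
    return {"seed": seed, "salt": salt, "pin": pin_hash(pin, salt), "last": -1}


def verify_login(account, pin, code, now=None, drift=1):
    """Accept only if the PIN (know) and the fob number (have) both match."""
    now = time.time() if now is None else now
    pin_ok = hmac.compare_digest(pin_hash(pin, account["salt"]), account["pin"])
    matched = None
    for skew in range(-drift, drift + 1):  # tolerate a slightly fast or slow fob clock
        at = now + skew * STEP
        counter = int(at) // STEP
        expected = fob_code(account["seed"], at).encode()
        if counter > account["last"] and hmac.compare_digest(expected, code.encode()):
            matched = counter
    if pin_ok and matched is not None:
        account["last"] = matched  # each number works once, which blocks replay
        return True
    return False


if __name__ == "__main__":
    # Constructed sample data: RFC 6238 test seed, made-up PIN and salt.
    acct = new_account(b"12345678901234567890", "4821", b"constructed-salt")
    t = 1111111109
    print(verify_login(acct, "4821", fob_code(acct["seed"], t), now=t))  # first use
    print(verify_login(acct, "4821", fob_code(acct["seed"], t), now=t))  # replayed number
```

The replay marker means a number that has been accepted once is refused afterwards, even inside its 30-second window.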

Fortunately, most of us already carry something that can serve a similar function: a cell phone. More and more web services are offering two-factor authentication by sending a text message. Typing in a number from the text message along with a password achieves a similar level of security. This could be used to access your site from unauthorized computers (such as a shared computer at the library), to validate password resets, or for other critical security activities. The advantage is that, even if your password is stolen, the thief would not be able to use it to gain access to your data, as they would also need your phone to validate the request.

Many common sites have started to offer some level of two-factor authentication:

Links go to instructions for setting it up.

I would not be surprised if other sites start to roll it out as well. I would encourage you to start to enable it on sites you use that offer it. It may save your data!
