According to Heart bleed security, we are reminded that passwords do not offer the total protection that we need. We are supposed to guard our passwords and sensitive data jealously. However, a technical flaw in a widely used padlock security technology allows hackers to grab the information anyway.
Numbers of hackers have been breaking in to grab usernames and pass words, plus credit card numbers and more.
It’s for this reason that many security experts are recommending a second layer of authentication which is in the form of a numeric code sent as text message.
Here, when you visit a website on your computer, you enter your password first and then you type the code you receive sent via text to verify that you are the true person and not a hacker.
This idea of the double layered password makes it hard to use a password that is compromised or guessed since you are asked for a second piece of information that only you are supposed to know.
The second authentication would be a pain to use, but things will go on more smoothly than expected after the initial setup as eventually it becomes a daily habit.
To balance security and convenience, you may typically bypass this check the next time you use the same Web browser or device. It won’t help if someone steals your laptop, but it’ll prevent others from using your password on their machines. If you’re logging in at a library or other public computer, remember to reject the option to bypass that check next time.
The second piece of authentication could be your fingerprint or retina scan, though such biometric IDs are rarely used for consumer services. Financial services typically ask for a security question, such as the name of your childhood pet, the first time you use a particular Web browser or device. That’s better than nothing, though answers can sometimes be guessed or looked up. Some banks offer verification codes by text messaging, too.
This approach should be used for a variety of email and social networking services. Email accounts are the most sensitive because emails can be used to reset passwords elsewhere. That includes banks and shopping sites.
How to get started
The two-step requirement is fairly simple to turn on. With Google, for instance, it’s under the Security tab in your account settings. On Facebook, look for Login Approvals under Security in the settings. With Apple IDs, visit appleid.apple.com rather than the account settings on iTunes.
After you enable it, you’ll typically have to sign in to your account again on various Web browsers and devices. After entering your username and password, a code will be sent to your phone. You’ll have to enter that to finish signing in. This may occasionally mean getting off your couch to grab your phone from the charger, but that’s a small price for security.
What if you’re somewhere without cellular access and can’t receive texts?
Most services have backup mechanisms. Google, Facebook and Microsoft have apps that will let you receive verification codes even when you’re offline. Google and Facebook also let you generate 10 backup codes that you can download or print to keep in your wallet. Each can be used only once.
You can also turn off the two-step requirement temporarily if you’ll be traveling without cellular access, though it is not recommended recommend.
Occasionally, you’ll run into an app that won’t accept the text code. Apple’s Mail app on iPhones, iPads and Mac computers is one. Microsoft’s Outlook software is another. If that happens, you’ll have to go to your service’s settings to generate a temporary password for that particular app. It’s a pain, but you will rarely need to do this.
There are several other challenges to making this work smoothly. For example, if you have a shared Twitter account, such as for your company or organization, two-step verification isn’t very practical unless you also share your phone. There’s a 12-character, hard-to-guess backup code you can use instead. But it’s no security if you jot it down next to your main password.
The biggest problem, though, is losing your phone. Some services will let you provide a backup number, including a friend’s cellphone or a landline phone. With Google, the code can be sent as a voice message instead of a text. Others offer a complex recovery code, which you’ll have to jot down and keep in a safe place.
Two-layer security may be inconvenient. The first password is difficult enough to deal with. But think of the inconvenience involved should someone break into your account and shut you out. Consider the use of verification texts to be insurance.