The Facts about Two-Factor Authentication


As the Internet becomes increasingly interactive and the number of online threats continues to grow, more and more web-based services are realizing that two-factor authentication is more than just a good idea.

Instead of relying on just a password or secret question to confirm your identity, two-factor authentication heightens Internet security by confirming, beyond the online world, that you are really the person you say you are. There are three typically recognized factors for authentication: something you know (such as a password), something you have (such as an ATM card, hardware token, or cell phone), and something you are (such as your fingerprint). Two-factor authentication requires the system to use two of these, hence the name. For example, each time you use your ATM card at your bank, you are using two of the three. When it comes to Internet security, the most common combination requires a password and a one-time code that is generated by a token or sent to a cell phone.

Here are just some of the web-based services that have systems for giving users the ability to turn on and use two-factor authentication.

Dropbox: This file sharing service offers a two-step verification process, requiring users to enter their password and a special security code that is sent to their cell phone via text message or the Dropbox mobile app.

Gmail and Google Docs: Your Google accounts can be set up to send codes via SMS text message or voice call to your cell phone. If you have a smartphone, you can later download an app that allows you to generate codes without text messages and even without cell service.

Facebook: This popular social network recently implemented Login Approvals, which is used when the site detects a login attempt from an unrecognized computer. To complete the login process, this two-step verification prompts a user to enter a mobile code, which is sent to his or her phone via SMS text.

Yahoo! Mail: Like Facebook’s Login Approvals feature, Yahoo! Mail’s two-factor authentication process comes into play only after a suspicious account sign-in attempt. Yahoo will send you the verification code via text message to the mobile number that you previously saved to your account.

As you read this blog post, you may be wondering if two-factor authentication is overkill or asking yourself if it really makes a difference. If you ask us, we prefer the extra layer of security.

As more people interact online, it’s no longer enough to rely on just a password for authentication. And sites that let you change your password by answering a secret question are becoming easier to bypass. Social networking sites and forums increasingly give hackers the opportunity to learn just enough about you so that they are capable of guessing your password and figuring out the answer to your questions.

Adding an additional layer of security via two-factor authentication to all your online accounts can go a long way towards protecting you from online identity theft and phishing attacks, preventing any sensitive data or financial information from being compromised, and ultimately saving you time, money and a lot of unnecessary hassle.

16 Reader Comments
to “The Facts about Two-Factor Authentication”
  1. I am very happy that there are programs like this that help take care of the computer, and that it is free. Thank you very much and congratulations to those who provide us with these services.

  2. Tantrick ON

    For me security is a major factor and the option for Two-step Authentication is important. I feel a lot more secure when I can telesign into my account. If you have that option available to you use it, it is worth the time and effort to have the confidence that your account won’t get hacked and your personal information isn’t up for grabs. If you opt into 2FA, you will have to “Confirm your phone”. You would receive a text message with a specific code to be entered into the system. If you don’t want to do this every single time, you can designate your smartphone, PC, or tablet as a trusted device and they will allow you to telesign in without the text code. Should an attempt to login from an unrecognized device happen, it would not be allowed.

  3. Hi there,
    When it comes to Security, I say that we should re-invent a new way of Authentication as online trade is becoming more efficient and Data theft are germinating around the World. This is really a real challenge for Internet Engineers, however we have nowadays an awesome protection.

  4. James Verry ON

    Not much good if you do not have a cell phone. I have no use for one, so I will never get one.
    I prefer to have a dongle or a 2D barcode with additional information to help verify.

  5. The ID used for online banking, taxes, employment, etc. should be kept separate. For personal security, forums, social networks, and comments like this should not have anything traceable back to a person’s real life. Suppose someone gets really offended by a movie they watched based on my Netflix review. For revenge, they track down my LinkedIn online resume, get my employer info, phone, mail, residence, etc. They got pictures of me from my ‘friends’ on Fecebook, and got my mother’s maiden name from Ancestry.com so they can impersonate me, trash my bank account, my home, my job.

    The two-factor ID is just a scam to get more traceable info. Using it, much more of your online life can be linked together and packaged for sale to whatever it is that gets so much money for Google and Fecebook.

  6. Brigitte ON

    And if you can’t receive texts on your cell phone you’re screwed. The ultimate security

  7. secure mon ON

    2-step authentication, if the second step is a cell phone verification, can be a major annoyance. I have run into this many times. No reception, cell phone not with me (gasp!), traveling abroad, etc. This has left me stuck, unable to complete a transaction. There must be a better way.

  8. jopavi ON

    Many of these secondary access codes involve texting to a cell phone. I do not have texting facility on my phone but most of my accessing of privileged information is done on my laptop. However there are times when I’m away from it and want to check my bank account. How would this work for me?

  9. Albert Fisher ON

    As long as the user is not a complete retard a password by itself is a good enough means of protection. Brute force cracks are out of the question, as sites restrict repetitive attempts at access. So stolen passwords come from them being way too simple, being written next to the keyboard (for example) or from phishing. In all those cases the user was simply stupid.
    As for the cell phone – I don’t like where it’s going. It’s tolerable while it’s optional. I don’t have a cell phone. And wouldn’t want to have to get it just to use an online service. Providing a cell phone makes a bigger threat – to privacy and anonymity. I don’t believe the claims about security. I do believe the claims about fighting spam. But both of those might be just excuses to get a way to identify IRL people with their user accounts. In my country one cannot sign up for a cell service without providing identification.
    Not good, guys, not good. If you want security – don’t be lazy and memorize a longer random password, make custom password-retrieval questions and look at the real address of the links you are following and sites you are entering. If you do that – you’ll be 99% secure unless someone with resources of a government agency is hunting you down (in which case not even three factors are likely to help you).

  10. I agree that security is a problem and we need to protect ourselves. Two step authentication is definitely a great idea.
    However, look above to the article and see how that is implemented in all examples. Ah! My cell number. That would probably be ok, in ideal circumstances and for most people.
    But ideal circumstances are very rare. And although most people have a cell phone, some of the older folks don’t – and even some not so old, that refuse to enter in the one more exaggeratedly high bill to pay – .
    Let’s take a look at only one of the examples: facebook (here just as an example but it could be any one of the others). I refuse to give my cell phone number to facebook even though it keeps asking me to add it. I value my privacy very much and as I grow older I reserve the right to choose who I want to talk to. I only give my cell phone number to “real” people that I actually know and only the ones I care to talk to. So far I had no strange calls from business or people I don’t know, or text messages to subscribe to things I don’t want, or any other things that I didn’t request.
    Now, my husband thinks the same way I do, and his phone had been as “clean” as mine is for a long time. Then he was also asked to add his cell phone to his facebook account. For security reasons, they said. Being more impulsive than I am, he entered it. This was the only site he ever entered his cell number. He has now been plagued with text messages for subscriptions, contests and a myriad of “what the heck is this?” messages as well as some calls from telemarketers.
    Coincidence? I think not, and I’ll stand by my decision of not giving my cell phone number to facebook, or google or any other site. There goes the idea of ideal circumstances.
    And what about someone like my mother, who at 70 “discovered” facebook? She loves it. Plays 50 thousand facebook games, loves to be in touch with friends that live far from her and has the time of her life in there and has listened to everything I’ve been telling her about private information shared in posts and all security issues. She’s very careful. Yet, she does not have a cell phone and does not plan to have one.
    In conclusion, although I do like the two step authentication idea, at least in the examples given I don’t trust the way it’s implemented and I feel that at least another option should be considered. What the other option could be I am not really sure, but my cell phone number is certainly not going to be in any of them.

  11. BJ White ON

    While I like the two step idea, there is no way I’m giving FB my cell phone number to broadcast through a security hole.

  12. calumetriver ON

    I like the idea of 2FA. I am different than everyone else in the world however, as I do not carry a cellphone and have zero interest in ever having a cellphone.

  13. Sharon Atcherson ON

    Another prejudice against older people, especially women. From 50 years of work with shuffling papers, throwing pots on a wheel and using wrinkle cream off our fingertips, MANY OF US HAVE NO FINGERPRINTS. Come up with something that does not make it hard on old people. Okay?!

  14. DKenneedy ON

    This Yahoo Two-Step-Verification is not optional, and it comes on without warning. I’m so fed up and I cannot even delete my account as I cannot remember my security question.. as I never used it… as I have never forgotten my password or login ID… Yahoo sucks… Going to have to go through the bother of setting up with another provider and changing my e-mail address where required.

  15. Asoka Dissanayake ON

    Two-factor authentication is a very useful way to protect identity and login details of users. Dropbox recently introduced it. LastPass has been making available this facility to users. Gmail does. It is a welcome idea for other services also to follow suit.
