The reason we have passwords is to make it harder for attackers to get to our stuff. Ideally, strong passwords ensure that we’re the only ones who can access our email inboxes, our social media profiles, our bank accounts, and our Amazon shopping carts.
Unfortunately, passwords by themselves aren’t always strong enough to accomplish that goal. Don’t believe me? Just head on over to Pastebin and spend some time searching for pastes that contain user account + password combos. It won’t take long for you to find them. Trust me.
Better yet, head on over to Google News and do a few searches on password breaches and forced password resets. Amazon, Comcast, Linode, LiveStream, WordPress… even Hello Kitty isn’t safe. HELLO KITTY!
The worst part? Users often find out about these breaches after it’s too late, after the damage has been done. It would really be swell if we had a way to make it even harder for attackers to gain access to our online accounts, wouldn’t it?
Yeah, it would. (Cue the music…)
Ladies and gentlemen, I give you… TWO FACTOR AUTHENTICATION!
The short version: Some of the most popular websites have added another layer of security that makes it a lot harder for attackers to get to your stuff. The cool part is that these same websites have worked really hard to make sure this extra layer of security isn’t a huge hassle for legitimate users.
If you turn on two factor authentication, you’ll be asked to plug in your username, your password, and another factor to prove you really are who you say you are. In many cases, that other factor is a short numeric code texted to your smartphone, or a random number generated by an app like Authy or Google Authenticator.
To make it even more convenient, some of the websites will remember your computer as a trusted device, meaning that you don’t have to plug in that second authentication factor every time you log in from your home machine.
I HIGHLY recommend that you turn this on wherever possible. Attackers are getting more and more sophisticated, and people who start using two factor authentication now are less likely to be impacted by an account compromise.
If this sounds like something you want to check out, here are links that will help you enable two factor authentication on a number of sites that you’re probably using today.
- Amazon Web Services (AWS)
- Apple ID
If you have a site that isn’t on this list, check out TwoFactorAuth.org. Their list is INSANE, and they’ll help you tweet companies who need to get with the times.
Stay safe out there!