A few weeks ago, Apple introduced two-step verification for Apple ID users. The secondary security measure is nothing new, yet with the recent increase in online hacking, more service providers are looking towards supplementary options to protect their customers. And following the very public hacking of a Wired reporter’s Apple ID last year, which led to the demise of his entire digital life, Apple needed an alternative approach to stopping hackers. Even more recently, Microsoft introduced two-step authentication measures for users, something it had previously been lacking.
So, what is two-step verification, and how can it help keep you from becoming the victim of online identity theft?
What Is Two-Step Verification?
The first step to securing online accounts is having a unique password for each website. Using the same password or passphrase for every account can lead to a daisy-chain, meaning if hackers crack one account they will easily be able to access the others. Yet even the trickiest of passwords can be stolen. That’s where two-step verification comes in. Also known as two-step authentication, this process provides users with an extra layer of protection on their accounts, as it requires two factors: something users know (their password) and something users have (like their smartphone). Two-step verification uses a person’s phone as a second form of identification. Service providers send a text message with a numeric code, known as a verification code, to a user’s phone when they are trying to sign in to their account. Many online services offer the feature, which users must enable themselves.
Similar to an ATM card and a PIN, users must have both their password and the verification code in order to access their account. This means that if their password falls into the wrong hands, that person must also have the user’s phone to sign in. Users can also opt to receive the verification code through an app on their smartphone, depending on the account provider. While it may seem like a burden to type in a code every time you want to sign in to your email or cloud accounts, most providers have a “remember” function, which will remember the device signed in and won’t ask for a verification code again. While the setup takes a few minutes, it certainly takes less time than trying to piece together the remains of your digital life after a hack.
How Can I Set Up Two-Step Verification?
Google implemented two-step verification a few years ago for Google accounts, including Gmail. Many service providers have since followed suit: Yahoo! Mail, Microsoft, Dropbox, and Facebook all offer two-step authentication options. The two-step system is not difficult to implement or to use, with Google’s process only taking a few minutes.
Those using Gmail or other Google services can set up the extra security measure by logging into their account and choosing “Account,” under their name at the top right of the page. From there, choose “Security” from the menu options, at which point a tab will appear for two-step verification. Click on “Settings.” Users will then be asked to re-enter their password, after which the two-step wizard will appear and guide them through the process. Google will then ask for a phone number that will be used for verification. Users can either enter their home telephone number to receive a voice call with a verification code, or they can enter a mobile number. The latter is the better option for those who usually access their accounts from multiple locations.
After the initial setup, users signing into Google will enter their username and password as usual. They will then be asked to enter a verification code, which Google sends to the phone number entered by the user during the two-step verification setup. Codes can be sent via text message or voice call, or can be accessed through the Google Authenticator app. After entering the code, the user will be able to access their accounts. At this point, the user can choose whether or not they would like the device they are on to be remembered, so they won’t have to enter a verification code for the next 30 days. Google also provides backup codes in the event a smartphone is lost, stolen, or not readily available.
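The sign-in flow described above, as an added example (not Google's or any provider's code): a server-side check of the second step, assuming the authenticator app generates RFC 6238 time-based codes. `SecondStep`, its methods and the sample values are hypothetical names chosen for illustration.

```python
import hashlib
import hmac
import secrets
import struct

STEP = 30                   # seconds each code is valid (RFC 6238 default)
REMEMBER = 30 * 24 * 3600   # "remember this device" for 30 days

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the 30-second window containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _h(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()

class SecondStep:
    """Hypothetical per-account state for the second sign-in step."""
    def __init__(self, secret: bytes, backup_codes):
        self.secret = secret
        self.backup = {_h(c) for c in backup_codes}   # store hashes, not codes
        self.devices = {}                             # hash(token) -> expiry
        self.last_counter = -1                        # last time step accepted

    def verify(self, code: str, now: float) -> bool:
        # Allow one window either side for clock drift between phone and server.
        for drift in (-1, 0, 1):
            counter = int(now) // STEP + drift
            if counter > self.last_counter and hmac.compare_digest(
                    totp(self.secret, counter * STEP).encode(), code.encode()):
                self.last_counter = counter           # a code is accepted once
                return True
        if _h(code) in self.backup:
            self.backup.discard(_h(code))             # backup codes are single use
            return True
        return False

    def remember_device(self, now: float) -> str:
        token = secrets.token_urlsafe(32)             # value kept in the browser
        self.devices[_h(token)] = now + REMEMBER
        return token

    def device_trusted(self, token: str, now: float) -> bool:
        return self.devices.get(_h(token), 0) > now
```

A production check would also limit failed attempts per account, since a six-digit code can otherwise be guessed by repeated tries.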
Apple uses a similar process for implementing two-step verification on Apple IDs and iCloud, as does Dropbox, which rolled out the extra security measure after an employee’s account fell victim to a spam attack. Yahoo! Mail is similar to Facebook’s login approvals in that it will only challenge a user if the service believes a “suspicious account sign-in attempt” is in progress. At that point, a verification code is sent to the Yahoo! Mail user’s phone. Amazon also offers two-step verification for its Amazon Web Services, like the Amazon S3 storage service, though the feature isn’t available for the average Amazon account. Users can set up multi-factor authentication through Amazon’s Virtual MFA app or Google Authenticator.
While two-step verification won’t stop every hacker, it will certainly act as a roadblock that keeps them from easily accessing a user’s account. When people store personal information online, whether it is in their email, cloud, or on a one-click shopping account, they are putting their identities at risk. Users might think their accounts are protected because they use different passwords for each website or have personal security questions enabled, but this information can be easily guessed, cracked or stolen.