Posted 16th January 2014 | By Ean Faragher, Operations Director

If I told you that by enabling one feature on Facebook, Twitter, LinkedIn, Google, Microsoft, Apple and more you could increase the security of your account, you’d hopefully do it.

If I then told you that it would stop your accounts being compromised even if your password is discovered in a hacking attempt, even if someone who knows your password tries to access your account without permission, and even if someone steals your laptop and tries to log in using saved passwords, you would hopefully enable that feature pretty sharpish.

This isn’t just me dreaming about a more secure online world; it’s a real feature that has been enabled by a number of popular online services. Two-Step Authentication (2SA) allows you to gain all of these advantages. The trade-off is that logging into these services takes slightly longer.

It works by asking for your password (and username) and also sending a PIN or code to your mobile device, which you need to enter to log in. It’s similar to the Two Factor Authentication (TFA) systems online banks are using (e.g. Secure Keys, Card Readers etc.) but uses your mobile phone as the physical device rather than a dedicated piece of hardware.

Setting this up on most services is fairly straightforward – you can find a list of services and how-tos at Evan Hahn’s excellent blog post here.

Two-Step Authentication doesn’t mean you can ignore security by using weak passwords or not checking sites to make sure they’re secure. It should be seen as an extra layer of security, not a replacement for good security in the first place.

Two-Step Authentication can still be subject to hacking using the ‘Man in the Middle’ (MitM) approach. Similar to phishing, a fake site looks like the service you want to access and enters the details you put into it into the real service. Once that happens the real service sends the code to your mobile phone, you enter it into the fake site, and the attackers have access to your real account by entering that code into the real site.

Ultimately the strongest security tool you can have is awareness. By being aware of how hacking can work and how your sites can be compromised, and by being suspicious of anything that prompts you to enter your details, you can protect yourself to some extent. What 2SA does is make sure that if your password is cracked or leaked by a site with poor security, then anyone using those details to access other services will not be able to – and you’ll be alerted that your details have been leaked when you receive 7 or 8 text messages from services you haven’t attempted to log in to.
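The two-step login described above, sketched from the service’s side as an added example (it is not code from this post or from any of the services named; the class, its method names and the two-minute code lifetime are assumptions). It shows why a leaked password alone fails at the second step, why the account owner receives a text they did not ask for, and why a code typed into a look-alike site still works when it is relayed in time.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120  # seconds a texted code stays valid (assumed value)

class TwoStepLogin:
    """Toy server side of a password + texted-code login (hypothetical, not a real service's API)."""

    def __init__(self):
        self.users = {}    # username -> (salt, password hash)
        self.pending = {}  # username -> (code, expiry time)
        self.outbox = []   # stands in for the SMS gateway: (username, code)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, self._hash(password, salt))

    def step_one(self, username, password, now=None):
        """Check the password; if correct, text a fresh 6-digit code to the owner's phone."""
        now = time.time() if now is None else now
        record = self.users.get(username)
        if record is None or not hmac.compare_digest(self._hash(password, record[0]), record[1]):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[username] = (code, now + CODE_TTL)
        self.outbox.append((username, code))  # the owner sees this text even if they did not log in
        return True

    def step_two(self, username, code, now=None):
        """Accept the code once, before it expires. The server cannot tell who is typing it."""
        now = time.time() if now is None else now
        issued = self.pending.pop(username, None)  # pop: one attempt per code, right or wrong
        if issued is None:
            return False
        return now <= issued[1] and hmac.compare_digest(code.encode(), issued[0].encode())

if __name__ == "__main__":
    svc = TwoStepLogin()
    svc.register("alice", "example-password")  # constructed sample account
    print("password ok:", svc.step_one("alice", "example-password"))
    _, texted = svc.outbox[-1]                  # what arrives on the owner's phone
    print("relayed code accepted:", svc.step_two("alice", texted))
    print("same code again:", svc.step_two("alice", texted))
```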

Written by Ean Faragher 

At ExtraMile we try to take an hour out each week to look around us at what others do and to gain inspiration and to admire people's creativity. Each post in this series is one staff member's take on the world of web, design and things online. We hope you enjoy it.

 
