Between security leaks at the sites you visit and brute-force attacks, keeping the bad guys out of your accounts has become increasingly difficult. One way to limit your exposure is to use Two Factor Authentication (TFA) on your accounts. We highly recommend you go through the steps to set up TFA on any service you use that supports it. You may not think much of some service, but the bad guys can use what may seem like unimportant accounts to gain additional information in order to access more sensitive accounts later.
There are a few different forms of TFA commonly supported by sites and services. Probably the most common and easiest to use is to register your mobile phone number with the site and have it send a text to that number when you log in. The site will then require you to enter the code from that text after logging in and before you can access your account. With this type of TFA in place, a potential bad guy would need to have your phone in hand to receive the SMS, even if he had your real password.
One-time Passcode Methods
Other common TFA technologies include:
Both of these technologies use a one-time passcode (OTP) to give the holder of the item a number that is good for a limited timeframe. Much like the SMS TFA option, these require the account user to have the physical device that is generating the OTP codes in hand to log in.
To get started using one of these technologies, you would need to either purchase a YubiKey or install the Google Authenticator app onto your device. Google Authenticator supports many platforms including the Pebble smart watch. Once installed, you will add keys per application and/or site you want to access.
With the new iPhone 6, it is also possible to use biometric authentication to allow access to services such as LastPass. The new apps can support the iTouch technology, and each time you log in or launch the app, it can verify your identity using your fingerprint.
Common Sites that support TFA
One service we use at Six Feet Up and always want to protect with TFA is LastPass. Luckily, LastPass supports all of the technologies covered in this article plus others such as:
EXAMPLE: To enable one of the available TFA methods for a LastPass account, just log in to your vault and go to “Settings”. The “Security” tab will have the Grid and Fingerprint options listed, but the other multifactor methods are listed on the “Multifactor Options” tab. Once you choose your method, LastPass will walk you through setting up your device.
Tip: Make sure to check your bank’s website and if they don’t support TFA yet, email to ask that they do.
Here are some other commonly used sites that will allow you to set up TFA:
- AWS – SMS, Gemalto, Google Authenticator
- Google Apps – SMS, YubiKey, Google Authenticator
- Twitter – SMS, App Push Notifications
- Facebook – SMS
- Hootsuite – SMS, Google Authenticator
- Directnic – Google Authenticator
- Apple ID – SMS, iOS Push Notification
- GitHub – SMS, Google Authenticator
- PayPal/eBay – SMS
- Dropbox – SMS
- Evernote – SMS, Google Authenticator
- Skype – via your Microsoft Account
If you want to find other services that do support TFA, the Two Factor Auth site lists many options that are available.