
Two-Factor Authentication. Better Get Used to It.

Yesterday, Lifehacker wrote an article listing all the major websites that have added multi-factor authentication to their site security. Many of the sites rely on either their own mobile app, or the Google Authenticator mobile app to provide the “something you have” portion of their authentication process. Most offer to send codes to your phone via text message, as an alternative to an app-based solution.

Sites offering this capability include the three big webmail providers (Google, Yahoo, and Microsoft) as well as the major social networking players (Facebook, Twitter, LinkedIn). Apple rounds out the last of the major mobile players, and popular services like Dropbox, Evernote, PayPal, and yes, WordPress all offer this security enhancement.

I took the time to go through the list of providers and enable two-factor with every service I use. I encourage everyone to do the same. This extra step may seem like an inconvenience, but only if you’ve never had any of your accounts compromised. I once lost control of my Gmail account to a stranger, who then used it to send spam. I was able to regain access to my account, and immediately stepped up my security regimen. Two-factor auth would have stopped that breach in its tracks, since the culprit would not have had access to my code generator.

While we’re at it, make sure you use a password manager. I’m partial to LastPass (which also offers two-factor auth for their service). LastPass allows you to generate very strong, long passwords. You don’t even need to remember them. All you need is your master password…and your 2F auth code, of course. LastPass even analyses all of your stored passwords, and lets you know where you can improve your security.

One last thought: these services offer different recovery methods should you lose your phone. Some revert back to texting codes to alternate phone numbers. Others provide a list of one-time-use backup codes. Make sure you provide all the information needed, and save any codes generated. The last thing you want to do is cut yourself off from your own accounts.

Resource: Two-Factor Authentication List

Update 12/15: Evan Hahn has a very comprehensive list of sites offering two-factor authentication. You can find his list at http://evanhahn.com/tape/two-factor-auth-list/