Hello, I'm here to talk to you about keeping your account safe.
In the last couple of years there's been a relatively new way to securely sign in to services on the Internet. Rather than just sticking to a username/email address and password combination, there's been a shift to adding another layer of security on top of that by requiring a time-sensitive code that only you know to be entered. The idea isn't new, though, and you might have or have seen them in use where a business (especially banks) provides their customers with a [url=https://www.olcf.ornl.gov/wp-content/uploads/2012/03/rsa_securid_fob.gif]code generator[/url] for this purpose. If you have a bank account which is linked to your phone, for example, you might receive text messages with a code to input when you try to purchase something with a large sum of money to ensure it's actually you who's making the purchase.
So what are the advantages and disadvantages of doing this?
Pros:
- Even if someone manages to get a hold of your email address/username [i]and[/i] password, they won't be able to log in since they'll need a code only you can generate.
- You can set devices you regularly use (i.e. personal desktop) not to ask you for codes in the future.
- If you use one kind of account to sign in to multiple services (e.g. a single Microsoft account to sign in to bungie.net and for your Xbox gamertag), you may be at a higher risk of your account becoming compromised because of the information you are directly or indirectly sharing.
Cons:
- Some services become a little bit cumbersome to use. For example, signing in to read your email will require you to enter your email address, password, and code.
- Some services are not compatible with two factor authentication and can only operate off a username/email address and password combination (although you can generate application-specific passwords for these).
If you're using a Microsoft Account, you can enable two-factor authentication (referred to as two-step verification) from [url=https://account.live.com/proofs/Manage]here[/url]. For a Google Account, you can enable it [url=https://www.google.com/settings/security]here[/url]. If you use a different sign in method, you can check from [url=http://en.wikipedia.org/wiki/Two-step_verification#Other_sites_offering_two-step_verification_service]a list of providers[/url] who also currently offer it.
The way in which you get or generate codes will differ based on what's on offer. They might include SMS, pre-generated code printouts, or a code generator application which you can use on your smartphone. The applications will continue working even without an active Internet connection too. [url=https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2]Google Authenticator for Android[/url], [url=https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8]Google Authenticator for iPhone/iPad[/url], [url=http://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b]Authenticator for Windows Phone[/url]. You can use the Google Authenticator app to generate codes for non-Google accounts as well.
-
but does it blend
-
#iTouchMasterRace
-
How do we know you are not using these apps to steal our info?
-
Right now I just use it for my bank, PayPal, eBay, and Gmail accounts.
-
The only two factor method I won't touch with a 10 foot pole is handing over my phone number. Google and Facebook seem to be the guys who bug me for this the most, but I'm willing to bet that I'll get a sharp rise in telemarketing calls if I hand my cell number over to them. Steam and MS have used the temporary code thing a lot recently. If I make changes to my billing info, they'll send an authentication code out. And my banking also uses security questions.
-
I [i]would[/i] use it, but the thought of giving Google, Facebook and the like my phone number is just... I already get a bunch of spammy phone calls and texts from ambulance chasers and call centres and it infuriates me beyond belief. As soon as Google gets it and Facebook... I bet the frequency of spam would triple ._.
-
My Bnet account isn't that important.
-
I enabled it. I'm taking a security class for the Security+ Certification and I didn't know about this. Thank you Daz, you made me feel like an idiot.
-
I've been using two-step authentication for a while already wherever I can. It gives me peace of mind from having to come up with practically hacker-proof passwords, which is becoming increasingly difficult anyway.
-
I use it with my Microsoft account, Google can suck a fat one because I NEED to use it for my video watching. Plus, I don't have much on it.
-
I like the extra step in the MS validation where it gives you the last 2 digits of your phone, wants you to enter in the last 4 of them before it will text you the validation code. It is an extra step, but it is WAY better than the days of when any kiddie with dox could pretext XBL support and steal an account.
-
Sadly, since I'm either always logged into something, or too scatterbrained/hurried to let myself be slowed down by a Generator, I've found that these things are far too annoying for my peace of mind. Which is ironic since I use a 26 digit password for everything... That I somehow never forget...