Hello, I'm here to talk to you about keeping your account safe.
In the last couple of years there's been a relatively new way to securely sign in to services on the Internet. Rather than just sticking to a username/email address and password combination, there's been a shift to adding another layer of security on top of that by requiring you to enter a time-sensitive code that only you know. The idea isn't new, though, and you might have used or seen it where a business (especially banks) provides its customers with a [url=https://www.olcf.ornl.gov/wp-content/uploads/2012/03/rsa_securid_fob.gif]code generator[/url] for this purpose. If you have a bank account which is linked to your phone, for example, you might receive text messages with a code to input when you try to make a purchase for a large sum of money, to ensure it's actually you who's making the purchase.
So what are the advantages and disadvantages of doing this?
Pros:
- Even if someone manages to get hold of your email address/username [i]and[/i] password, they won't be able to log in since they'll need a code only you can generate.
- You can set devices you regularly use (i.e. personal desktop) not to ask you for codes in the future.
- If you use one kind of account to sign in to multiple services (e.g. a single Microsoft account to sign in to bungie.net and for your Xbox gamertag), you may be at a higher risk of your account becoming compromised because of the information you are directly or indirectly sharing.
Cons:
- Some services become a little bit cumbersome to use. For example, signing in to read your email will require you to enter your email address, password, and code.
- Some services are not compatible with two-factor authentication and can only operate off a username/email address and password combination (although you can generate application-specific passwords for these).
If you're using a Microsoft Account, you can enable two-factor authentication (referred to as two-step verification) from [url=https://account.live.com/proofs/Manage]here[/url]. For a Google Account, you can enable it [url=https://www.google.com/settings/security]here[/url]. If you use a different sign-in method, you can check [url=http://en.wikipedia.org/wiki/Two-step_verification#Other_sites_offering_two-step_verification_service]a list of providers[/url] who also currently offer it.
The way in which you get or generate codes will differ based on what's on offer. The options might include SMS, pre-generated code printouts, or a code generator application which you can use on your smartphone. The applications will continue working even without an active Internet connection too. Available apps include [url=https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2]Google Authenticator for Android[/url], [url=https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8]Google Authenticator for iPhone/iPad[/url], and [url=http://www.windowsphone.com/en-us/store/app/authenticator/e7994dbc-2336-4950-91ba-ca22d653759b]Authenticator for Windows Phone[/url]. You can use the Google Authenticator app to generate codes for non-Google accounts as well.
-
I've been using two-step authentication for a while already wherever I can. It gives me peace of mind from having to come up with practically hacker-proof passwords, which is becoming increasingly difficult anyway.