Wednesday, March 11, 2015

Two-Step Verification: An added layer of security


You most likely use passwords everyday in your life. Unfortunately, they are not as secure as they once used to be. Even if all your passwords are different across a multitude of accounts, it will do little to ensure security if an attacker gains access to your email. To be blunt, passwords are fundamentally flawed. To add an extra layer of protection from malicious attackers trying to pry their way into your account, consider 2-step verification. 2-step verification ensures security of your account beyond a regular username and password with added authentication.

Authentication is a step of proving that you are indeed yourself, the legitimate owner of the account, before granting access. The problem with standard authentication is that it only relies on something you know, a username and a password. Often, this can be guessed, cracked, or compromised in some wayAttackers, if equipped with these credentials, can easily access the account cloaked as the authentic user, making it difficult to regain control. 2-step verification is built upon something you know such as a password, and something you have like a mobile phone, fingerprint, or key.

This is where Google 2-Step verification steps in. Logging into a Google Account that has 2-step verification enabled, requires a unique, time-sensitive code in addition to the standard username and password (this code can be sent to your phone via SMS or with an application like Authy or Google's own Authenticator). It is an extra step, but it helps ensure that your account is extremely difficult to compromise. Essentially, with Google you are combining two things: your standard credentials and something that only you have access to--your phone. Think of Google's 2-step verification as a layer of security similar to that of a bank's ATM. You insert your bank card (something you have) and input your PIN (something you know). A robber would need to gain access to both of these factors to gain access to your account, plus, with 2-step verification, your "PIN" changes every 45 seconds.


The process to set up your Google 2-Step Verification is user friendly and generally takes about 15 minutes. This small amount of time to ensure maximum security to your invaluable data will save you the stress of having your account compromised.

Signing in with Google's 2-Step Verification is simple.
  1. Go to the sign-in page and enter your username and password like you normally do.
  2. Google's system authenticates your username and password, and if they are correct, you will then be asked for a six-digit code, which you'll get from your phone.
  3. After you turn on 2-step verification, non-browser applications and devices that use your Google Account will require an application-specific password to allow this application to connect to your account -- you only have to do this once for each application or device.
The benefits of 2-step verification are simple: Access to an account depends on a user to consult the source that is not readily available on the computer and is singularly designated in order to gain access to an account. 2-step goes much further to protect your information, as criminals have to work much harder to compromise your accounts.  

Set up 2-step verification on every account you can. In addition to using a secure, unique password for each account you have, it's one of the best and easiest ways you can protect yourself against any kind of data vulnerability.