The Internet about 10 years ago was only for accessing information, news, sending & receiving emails or entertainment; today these are not the only reasons. We use the Internet for financial transactions - online banking, online shopping, and virtual cloud servers for storing confidential information or photos/videos. As our interaction with the virtual world is increasing, the security becomes more essential and crucial. Today the long alpha-numeric passwords are also vulnerable and can be hacked or known to people close to you.
To ensure more security, a new method is being implemented by most websites, called the 2-Step Verification. This method adds a second layer of security over the already existing passwords. The 2-step verification requests the user to provide a dynamic code along with the regular password. This code is generated instantly, and expires if not used within few minutes.
What is 2-step verification?
Reference Wikipedia - "2-step verification is a process involving two subsequent but dependent stages to check the identity of an entity trying to access services in a computer or in a network with just one factor or secret, whilst there is no proof obtained that the bearer of the unit is identical to the owner of the unit."
In general terms, 2-step verification allows users to have a password and an additional on the fly code. This acts as a secondary password for authentication as a user. The mostly numeric (at times alpha-numeric) code is pushed to the user from the website via an SMS, email and / or using authentication applications. This code is generated instantly and is valid only for a short duration. The code expires if not used within the stipulated time frame.
This is similar to the authentication tokens (USB sized device) provided by select banks to its online banking customers.
Most of the websites have begun implementing the 2-step verification. Google was the first Internet company to introduce the 2-step verification process, for its internal usage and then rolling it out to the general public. To get a comprehensive list of websites offering or in the process of offering the 2-step verification, visit TwoFactorAuth
Once setup, 2-step authentication does offer better security. This security comes at a cost of an additional step; that is to enter the dynamic code along with the password. If someone knew your password, or managed to guess your password, they could access your account from anywhere. Now, they'll need to know your password and have access to your phone/computer (which itself would have a password/lock). If you access this account mainly on your personal computer/laptop, it can be set to remember the credentials. This bypasses the need to enter the password and the 2-step verification. The 2-step verification comes handy when accessing protected websites on public computers like at an internet cafe (if they still exist), a friend's computer or at work.
Ways to access it - SMS/Email/App
2-step verification can be setup via multiple methods. This method is defined by the website offering the security. Few websites offer to set up your mobile number for the One Time Password to be shared via SMS. Some websites allow setting up an email address for the same purpose after verification of the email account. Another option offered is via a mobile-based application. This application is verified by the website and once setup, the dynamic code is refreshed every few seconds or minutes.
Google offers to set up 2-step verification via SMS and their own application called - Authenticator (available on Android & iOS). While Authenticator is developed by Google, the application can, however, also be used for setting up 2-step verification for other websites like Facebook etc.
There is also a third party application Authy This application is available for iOS, Android, Blackberry, Mac OS X, Windows, and Linux as well. Authy is more versatile compared to Authenticator and is available for more platform along with additional features missing in the Google's own application.
Apple, on the other hand, offers 2-step verification only via SMS. This process requires you to use the One Time Password shared whenever you wish to access your account.
Mis-happenings can occur to anyone; even to the most attentive and alert human-beings. In a situation if you have lost or misplaced your mobile device setup for SMS or even the application. There are few options available to still be able to access your account in emergency:
Authy: Allows access to the dynamic code from computer/laptop running - Windows Mac OS X and Linux. However, this requires prior setup.
Backup Code: Most the websites offering 2-step verification provide users the backup code. This code or a list of codes can be printed and kept in a secure place by the users. These backup codes are one time usable and are beneficial when in an emergency situation.
How do you set it up?
Now that everything is said about what is 2-step verification, ways to access dynamic codes and how to handle emergency situations. The next valid point is to understand how to set it up?
Here is how you can set up 2-step verification for the most popular services:
- Sign into your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then clicking Account.
- Scroll down to the "Signing in" box.
- Click 2-step Verification. This will bring you to the 2-step Verification settings page.
- You will then see a step-by-step guide which will help you through the setup process.
- Once you’re done, you’ll be taken to the 2-step Verification settings page again. Be sure to review your settings and add backup phone numbers.
- You’re done! Next time you sign in, you’ll receive an SMS with a verification code
Note: You also have the option of using a Security Key for 2-step Verification.
Support - Google Support
- Go to My Apple ID.
- Select Manage your Apple ID and sign in.
- Select Password and Security.
- Answer your security questions and click Continue.
- Under 2-Step Verification, select Get Started and follow the onscreen instructions.
Support - Apple Support
- Open your Facebook and go to "Account Settings".
- On "Security Settings", in "Login Approvals" click "Edit".
- Click "Get Started".
- Enter a name and click "Add Browser".
- Select "Android, iPhone or iPod Touch".
- Enter your Cellphone number.
- Wait for the verification code to arrive and enter it.
- Click "Close".
Support - Facebook Support
- Go to your Security and privacy settings on twitter.com and select the option to Send login verification requests to my phone.
- When prompted, click Okay, send me a message.
- If you receive our verification message, click Yes. (Note: you'll have to enter your password).
Now, when you login to your account on twitter.com, Twitter for iOS, Twitter for Android, or mobile.twitter.com, a six-digit login code will be sent via text message to your phone. Enter the code when prompted to access your account.
Support - Twitter Support
The internet has become more integral part of our lives. Today internet is our bank, our mailbox, our precious secret locker, our photo album and our source of entertainment. It is one place which is more personal to each of us as an individual. Hence, it is necessary to protect our web accounts with more than just a simple password (even when it is complicated). 2-step verification should become a standard procedure for all the websites storing user information. Until then, be proactive and set up 2-step verification on the websites which offer it.
Have a secure access to your account, enable 2-step verification, today!