Security Tip: Use Two-Step Authentication
Even if you’re careful with your passwords, they can still be captured or reset by attackers (it happened to technology writers at Wired and ZDNet). Two-step authentication stops a compromise of your security by identifying you through a combination of two different components: your password and also something you know or possess. An attacker needs to take a second step after your password to get in to your account (such as, answering your personal identification question or entering a code from your phone, which they wouldn’t know and don’t have, obviously).
This may seem like extra work to enter both your password and an extra code from your phone, but most services remember your device / browser so you’ll only need to enter the code from your phone once on a new device. A potential hacker cannot enter your account from their own device since your code is only allowed to send from your phone.
For Cru staff, your @cru.org Google account is tied to your ministry email and documents. Two-step authentication is required. Visit this post if you need more information: Using Google Authenticator.
If you’re a non-Cru reader, click here to set up Google Account two-step authentication.
Should you set up two-step authentication for other online services you use? That depends on how important your information and identity on that service is. If, for instance, you tried out a service, say, Dropbox, just once to see what it was, then don’t bother. But if you have lots of important personal and ministry documents stored in Dropbox, you should enable two-step authentication for Dropbox.
Here’s a list of services that offer two-step authentication. Clicking on the links for them will take you to the page for how to set up two-step authentication for that service:
What happens if you lose your phone? Most of the services provide some sort of “backup code” to enter in case you lose your phone. If you use a password manager, store the backup code there. You could also print out the backup code and store it in a safe place.
Dave Raffensperger is on Cru staff in Boston. He and his wife, Erin, are new parents to a sweet little girl.
Andrew Chi is a Ph.D. candidate in Computer Science at UNC-Chapel Hill.