Security Tip: Use Two-Step Authentication
Even if you’re careful with your passwords, they can still be captured or reset by attackers (it happened to technology writers at Wired and ZDNet). Two-step authentication stops such a compromise by identifying you through a combination of two different components: your password and also something you know or possess. After getting your password, an attacker still needs to take a second step to get into your account (such as answering your personal identification question or entering a code from your phone), and they wouldn’t know the answer or have your phone.
Entering both your password and an extra code from your phone may seem like extra work, but most services remember your device or browser, so you’ll only need to enter the code from your phone once on a new device. A potential hacker cannot enter your account from their own device, since the code can only come from your phone.
For Cru staff, your @cru.org Google account is tied to your ministry email and documents. Two-step authentication is required. Visit this post if you need more information: Using Google Authenticator.
If you’re a non-Cru reader, click here to set up Google Account two-step authentication.
Should you set up two-step authentication for other online services you use? That depends on how important your information and identity on that service are. If, for instance, you tried out a service such as Dropbox just once to see what it was, then don’t bother. But if you have lots of important personal and ministry documents stored in Dropbox, you should enable two-step authentication for Dropbox.
Here’s a list of services that offer two-step authentication. Clicking on the links for them will take you to the page for how to set up two-step authentication for that service:
What happens if you lose your phone? Most of the services provide some sort of “backup code” to enter in case you lose your phone. If you use a password manager, store the backup code there. You could also print out the backup code and store it in a safe place.
Guest Post by: Dave and Andrew
Dave Raffensperger is on Cru staff in Boston. He and his wife, Erin, are new parents to a sweet little girl.
Follow Dave at @draffensperger or check out his blog at davidraff.com.
Andrew Chi is a Ph.D. candidate in Computer Science at UNC-Chapel Hill.
- The photo for this post is available on Wikimedia Commons or on Flickr, by rosmary.
6 thoughts on “Security Tip: Use Two-Step Authentication (Guest Post)”
Dave, I had first-hand experience of having my Cru gmail account hacked last week…from somewhere in India. So, I encourage everyone to consider the two-step authentication. Once I set it up, things haven’t really changed regarding my typical log-in to gmail. In other words, it’s been worth the effort!
Brenda, sorry to hear about your hack, but glad you set up the two-step authentication and yeah, it’s definitely worth the effort!
Dave and Brenda, thanks for the comments. I think I’d better make it a priority to check my accounts soon!