Popular password manager LastPass was hacked, and while the company insists that no actual passwords were taken—it appears only less-sensitive information such as email addresses and password reminders was compromised—it’s still a bummer. For some, however, it’s much less of a bummer, because they’re using a feature that is built into almost every reputable website that makes even a hacked password virtually useless to anyone who might obtain it: Two-factor authentication.
Let’s just get this out of the way right now: You should be using two-factor authentication on every one of your accounts that supports it. It’s not a matter of it being “worth it,” and there’s no debate over its usefulness. It’s a fact that adding an extra layer of protection to your email, bank account, PayPal login, or social network profile is simple and necessary if you want to continue a peaceful online existence.
If you’re not familiar with the way a two-factor authentication system works, it’s a fairly simple idea to grasp:
When you enable multi-factor security, your password is no longer the skeleton key to your digital vault. Instead, your password works in concert with your phone or other secondary verification method, requiring an attacker not only to obtain your password but also to be in possession of one of your gadgets.
When someone logs on to your account from a device that hasn’t been verified, as a hacker who obtained your password might attempt to, they will be prompted to verify their identity via a text message, email, or app notification sent to the owner’s device. It’s simple and foolproof, and most popular digital services already have the option built right in.
Below you'll find a list of sites with directions on how to enable this crucial security feature for each one.
Google
- Google makes two-factor protection a simple affair across all your Google-centric accounts. Start by visiting the 2-Step Verification tutorial.
- Click the Get Started button and sign into your Google account.
- Enter your phone number and select whether you want text messages or phone calls for your approval codes.
- If you want, you can also add backup phone numbers and jot down backup codes to use if you're ever unable to verify your account from your phone for whatever reason.

Twitter
- Head to the account settings page and toggle the option to "Require a verification code when I sign in."
- Add your phone number and complete the verification with your device.
- Now, every time you log on to Twitter from a new device you will be prompted to enter a unique one-time use code.

Facebook
- From your Facebook Settings menu click on the Account Security tab.
- Click Login Approvals and enable the option to "Require a security code to access my account from unknown browsers."
- Add your phone number and verify it.
- Facebook will now send your phone a one-time use code whenever someone attempts to log onto your account from an unrecognized device.

Apple
- Apple now lets you add two-factor authentication to iMessage, iCloud, and FaceTime. Start by signing in with your Apple ID.
- Click on the Password and Security tab and then click Two-step Verification.
- The site will walk you through the short process of verifying your devices.

PayPal
- PayPal has offered its security key authentication system for a long while, and it remains largely unchanged today. Sign into your PayPal account and head to the Security Protections page.
- Read up on how the security key works—it's largely the same as the others above—and then register your phone so that it can be used for account sign-in.

These are just some of the sites that support two-factor authentication. It's such a simple, easy-to-use feature that it's crazy to think that huge numbers of people are living their digital lives without it. Please, take a few moments to protect yourself from future password hacks and compromises and seize control of your online identity.