Take a long, hard look at your friends, loved ones and colleagues.
Do some of them not seem to struggle as much with computer security issues as you do? Do you find that *you’re* the one who gets hacked, and they seem to get away scot free?
Well, it may be that they know a geek secret.
Fortunately, you don’t have to be a geek to know a geek secret. But you do have to keep a close eye on how geeks protect their systems, and learn lessons about how you might do the same.
With that in mind, here is a tip that the geeks know about – but of which, sadly, many computer users are still clueless.
How to get better security for your online accounts than with passwords alone.
Find out below, or watch my latest video to learn more:
Two factor authentication (2FA), also sometimes referred to as two step verification or login verification, is an extra layer of security that you can enable on a long, long list of websites.
You see, normally you access your online accounts by proving that you know something: your password. That’s all very well, but people get careless with passwords: they get phished, share them with a colleague, re-use them on multiple websites, or simply make them easy to guess or crack.
What 2FA does is take security one step further. Rather than simply asking you to prove what you know (your password), a website also asks you to prove what you have in your physical possession.
The idea is that although a hacker might be able to steal or crack your password from the other side of the world, chances are that they will find it a heck of a lot harder to gain physical access to one of your possessions. And, when it comes to protecting against hackers, anything which makes their lives more difficult increases the chance that they will simply move on and look for an easier target.
So, a website account which has 2FA enabled doesn’t just ask you for your password, it also asks you to prove that you have a device in your physical possession by – for instance – entering a randomly generated number that has been sent to your mobile phone, or displayed by a smartphone app. With some sites, such as some banks, you may even have been given a hardware token that will generate the number.
This makes life much trickier for the bad guys trying to break into your account, because even if they have determined your password they won’t know the magic number that changes every 30 seconds or so.
2FA isn’t entirely foolproof. There are sophisticated attacks that determined attackers can use to try to break into even accounts which are protected with two-factor authentication. But it does make it so much more difficult for attackers to successfully compromise your online accounts that the vast majority simply will not bother.
And that has to be good news.
For a great list of websites that support 2FA in various forms visit 2fa.directory.
Read more about two-step verification:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
5 comments on “Geek secrets: How to get better security than passwords alone”
Sorry to point this out but 2FA is not the same as 2SV.
"The difference between two-factor and two-step authentication."
Thanks Bob. I feel that the difference between 2SV and 2FA gets into a level of geekiness that isn't the province of this article – which was to encourage non-geeks to have an additional level of protection than just a mere password!
The important thing is – whether it's technically 2SV or 2FA – turn it on!!! As if you do, chances are that your account will be better defended from the bad guys.
I wish there was an option for those of us who do not have smartphones.
Use WinAuth (https://winauth.com/) for Windows, and OTP Manager (http://www.stickybit.nl/apps/otpmanager.html) for Mac.
There are also Chrome-based plugins for Linux that allow TOTP.
Plenty of other ways, Tom, to increase your security:
You can use 'dumb' 2SV – e.g. get Google to call your landline/mobile with an authentication code; i.e. automated voice calls you with an OTP.
Use something like the YubiKey.
Some websites support printable grid matrices.
(Other methods are available).