We all have online accounts: email, social media, blogging, media streaming, shopping, banking, library, etc., etc. We also know that the passwords most people choose do a rather poor job of locking them down (too short, too simple, too predictable, too re-used). Today I’d like to walk you through three easy ways you can make your online accounts more secure.
This might seem like a bit of an odd topic for this blog, but I think it’s an important one for librarians to have a grasp on, and I think it would make excellent fodder for adult programming as part of any computer literacy or online safety course. It’s also been much on my mind as a third-party app recently briefly compromised my Twitter account. I took several steps to bolster that and several other accounts I’d been a bit lax on locking down. Here’s the first post in a series on how you can better secure your own accounts.
Enable Two-Factor Verification Wherever Possible
Two-factor verification refers to any authentication protocol requiring two sources of information–something you know (username/password) and something you have (in most cases, your phone). It adds one step to your sign-in process, but it’s a pretty simple one: after you provide your username and password to a site, you’ll be prompted for a code that will either be sent to your phone via text message or generated through an authenticator app.
The beautiful part of this, at least in theory, is that no one will be able to access your accounts unless they know your credentials and have unfettered access to your phone. What if you lose your phone, you ask? Well, when you sign up you’re provided with a list of emergency codes that you can use for access in such a situation. Print them and put them somewhere safe (don’t store them in an online account you’d need them to access and don’t store them in an online account without first encrypting them).
It’s most important to do this for accounts that are closely tied to your identity (email, social media, cloud storage) and those that are tied to your financials.
Here’s a list of services currently offering two-factor authentication and links to enrollment information (and yes, everyone calls it something different, because they’re all original):
- Google/Gmail’s 2-Step Verification
- Microsoft Outlook’s Two-Step Verification
- Yahoo! Mail’s Second Sign-In Verification
- Facebook’s Login Approvals
- Twitter’s Login Verification
- Box’s 2-Step Verification
- Dropbox’s Two-Step Verification
- Evernote’s Two-Step Verification
- LastPass’s Grid Multifactor Authentication
- PayPal’s Security Key
- GitHub’s 2FA
- WordPress’s Two Step Authentication
- Some banking sites also offer this valuable service–be sure to check with yours if you do online banking!
Update (2/18/14): Evan Hahn has compiled a very thorough listing of sites that offer two-factor authentication. His list is available here.