Skip to main content
two_factor_authentication
TechTank

Spare yourself the headache of a hack—enable two-factor authentication

and

Hardly a week goes by without news of another hack of user data. Just last month Google released a password-reset alert service only to have it compromised with just seven lines of code. Last year several celebrities fell prey to an iCloud hack that exposed private photos onto the Internet.

Having a strong password is the first line of defense against hacks. Unfortunately long passwords are hard to remember and are still vulnerable to the most sophisticated attacks. Fortunately there is a better tool at your disposal that more-and-more sites are offering: two-factor authentication.

We’ve enabled two-factor authentication on several of the most-used email clients, social networks, and cloud services and hope our collective experience convinces you to enable this increasingly essential security feature. We’ll detail two-factor authentication on Google, Twitter, and Dropbox, but there are many other popular services like Apple’s iCloud, Microsoft, and Facebook that offer similar protections that you can enable as well.

Google 2-Step Verification

Accessing Gmail and many other Google services hinges on one password that enables access to everything from Google Spreadsheets to the Blogger account you had in college. It is essential to enable Google’s 2-Step Verification lest you want a hacker someday with access to your personal emails or more.

You can enable two-step authentication in your Google Account security settings. Then enter your cell phone number so that you are able to receive verification codes over SMS. If you want to move Google verification codes out of your text message inbox, you can download the Google Authenticator app, available on iPhone, Android, and Blackberry phones.

One wrinkle with two-step authentication is granting access to applications and clients that access your Google account information. Many of these are not set up to process two-step authentication and require what Google calls app-specific passwords. For example, if you use an email client like Outlook, you may have to set up one of these passwords to gain access to your email after you’ve enabled two-step authentication. App-specific passwords are automatically generated and meant to be entered once.

Many popular email clients are supporting Google 2-Step Verification, including Apple. If you use an iPhone, iPad, or Mac to access your Gmail and have usethe latest versions of iOS and OS X, the system will prompt you for Google verification codes, eliminating the need for app-specific passwords.

With Google 2-Step Verification, hackers will need more than just your password to access your Google Account, including your email. Chances are securing this will save you a ton of trouble if you ever found your password compromised.

Twitter login verification

The number of stories about a celebrity or organization dealing with someone hacking their Twitter account and releasing a torrent of embarrassing or offensive tweets on their followers Just last month pranksters hacked Tesla’s account and their CEO Elon Musk’s personal account, promising free Teslas if users called a phone number, which ended up belonging to a computer repair shop in Illinois. You can prevent embarrassing incidents like this from happening to you by enabling Twitter login verification.

Related Books

Set up is simple. First link your phone number to your Twitter account on the settings page on a desktop browser under the mobile section. You must have access to your cell phone to verify it in order to proceed.

Next click the security and privacy section on the settings page. When you enable login verification you will receive an additional text message to verify that notifications are working. Once you affirm this, you will need to verify with your mobile phone for any unrecognized attempt to login to you Twitter account. This extra step can spare you or your employer from an embarrassing or damaging hack.

Twitter also allows you to verify login attempts with mobile clients you have installed on your phone or tablet. This means you can verify login attempts in the security settings in the app on your device. This is a useful feature, although you may only enable this on one device. For example, if you are using Twitter on your iPhone and iPad, you might find yourself annoyed having to verify the login attempt in your second device while you are trying to use the first one. It can be an inconvenience, but overall you will benefit from the enhanced security.

Dropbox

Authors

Cloud platforms have become useful tools for syncing files across multiple devices. Dropbox is widely used for personal- and business-related activity, so it is essential to secure. Fortunately Dropbox offers two-step verification with the option of signifying a backup number in case you are separated from your primary cell phone.

To enable, login to Dropbox and access your account settings. In the security tab, enable two-step verification. You will need to add and verify at least one cell phone number to proceed. Adding a backup number will allow you to verify access to the account if you’ve lost your primary phone. When logging in without your primary device, just click “I lost my phone” to proceed with verification on the backup device.

Dropbox allows you to manage all active user sessions on your account. On the security page you can cut off access to an unrecognized device or browser, forcing these unauthorized users to undergo two-factor authentication in order to regain access.

Backup codes

A major obstacle to two-factor authentication is needing to access your account when you are without your cell phone. If the service you’re using does not offer a backup device like Dropbox, you may need to have a recovery key or code you can use to “break in” without two-factor authentication. This backup code works like a second more complicated password that you don’t have to remember but need to access when you are locked out of your account.

In addition to letting you set up a backup number, Google lets you generate backup codes you can use to access your account. Twitter will generate a backup code if you enable login verification through a Twitter app on your tablet or mobile phone. Dropbox lets you generate a recovery code you can use to gain access to your files. Once you have generated the codes, it’s good to print these out or save them someplace that only you can get to.

No security precaution is impervious, and the backup code is certainly two-factor authentication’s Achilles’ heel. For example, saving your backup codes in text document might seem secure, but if a hacker compromises that file, it could compromise all of your accounts. Pay special care where you place any of your two-factor backup codes.

If you’ve never been hacked, you might think all of these security measures are too much to worry about. But if you’ve ever been hacked, you know that even a modest effort to secure your online accounts is well worth the peace of mind.

Get daily updates from Brookings