Saturday, September 20, 2014

2 Factor authentication.

Now is probably the time you should be turning on 2 factor authentication for websites, especially if you cannot remember complex passwords.

This should be definitely turned on, especially for the email address that use to send your password resets to.

I have used Google's 2 factor authentication for my google sites (and any other sites that I can add to this for some time.)  Its simple, works with an app on my mobile phone and has backup codes incase you lose the phone as well.

Setting up is easy, download the Google Authenticator app onto your mobile phone, then on your PC log into your google account and enter the account area, follow the tab for security and enter the 2-step verification page.  Choose the method that you wish to use to verify your account, and then follow the instruction to set this up.

I used the method which continually provides me with one use codes on my phone, as long as you have your phone with you you can use your password and the code to enter your account.

For PCs that you use all the time and where convenience is more important than security, then you can set these up to not require 2 step authentication, and indeed override this should the PC be stolen or you are ready to dispose of.

This method can be used with some other companies systems as well, one of the other accounts that I use with Google authenticator is my hotmail account to get access to all my microsoft systems.

Facebook also have a version of 2 factor authentication for login, which relies on you receiving an SMS on your mobile when you log into a browser or device that Facebook does not recognise, I would strongly recommend this feature being activated as well.

This advice is no excuse to have a simple password, but it can help mitigate any risks from a weak password, bearing in mind that even a complex password if your really unlucky be surprisingly weak.