Although a lot has not been made clear yet about the recent announcement that a Russian crime ring had amassed 1.2 billion user identities (a combination of user names and passwords), one thing that should be clear is that protecting your online identity with simply a password is not good enough. This type of identity theft activity has been going on for years and is why major social and email Internet sites offer multi-factor authentication to their users. Even computer social gaming sites like Steam and Blizzard offer multi-factor authentication to their players.
Multi-factor authentication is the use of two of the three established ways to identify a person’s identity, what you know (like a password), what you have (physical token or even your cell phone), and what you are (DNA or fingerprints). Using multi-factor authentication is the best way currently available to ensure your accounts don’t get abused. Multifactor authentication increases security by adding another barrier to entry; it requires something you’ve committed to memory (like your password) and something you have in your pocket (your phone or FOB). By adding this additional authentication to access an account, you are requiring yourself, and also the bad guys, to have two forms of identification.
Enabling multi-factor authentication is an extra step initially; however, most service providers will make this easier for users by allowing users to trust certain mobile devices or computers, essentially establishing a registered personal device as ‘something you have.’ Wherever possible, it is a good idea to leverage any multi-factor authentication that your favorite service offers; if it’s not obvious how to do it or if its offered, contact their support service. Here is a list of some popular Internet sites and how you can set up multi factor authentication to protect yourself:
- Apple: Apple’s two-factor authentication sends you a 4-digit code via text message or Find My iPhone notifications when you attempt to log in from a new machine.
- Bank of America: They use a feature called “SafePass.” It lets a user authorize transactions using one-time, 6-digit passcodes.
- Chase.com: To activate, their users need to request an “Identification Code,” which gets delivered by email or text message. Users can then enter their secure mobile site, https://m.chase.com.
- Dropbox: Dropbox’s two-factor authentication sends you a 6-digit text message code; it also will let you set up Google Authenticator. Dropbox will also allow a user to trust a device.
- EBay: EBay’s Secure KeyFob supports a hardware FOB with a tumbling key on a keychain.
- Evernote: Evernote users can use the Google authenticator app Google Authenticator, premium users can also receive a code via text message. Evernote will also allow a user to trust a device.
- Facebook: Facebook uses a feature embedded into their mobile app called “Code Generator.” Facebook will also allow a user to trust a device.
- Google/Gmail/YouTube: Google uses a smartphone app to enable two-factor authentication which sends you a 6-digit code called Google Authenticator and is for Android, iOS, and BlackBerry. Google will also allow a user to trust a device.
- LinkedIn: LinkedIn’s two-factor authentication sends a 6-digit code via SMS. LinkedIn will also allow a user to trust a device.
- Microsoft Accounts (including Office 365): Microsoft’s two-factor authentication sends you a code via text message or email; they also support other authenticator apps like their own authenticator app or Google Authenticator. Microsoft will also allow a user to trust a device.
- PayPal: PayPal’s two-factor authentication sends you a 6-digit code via text message. Paypal will also allow a user to trust a device and also support their secure Key FOB.
- Twitter: Twitter will enable two-factor authentication by sending a 6-digit text message. Twitter will also allow a user to trust a device.
- Yahoo! Mail: Yahoo’s two-factor authentication sends you a 6-digit code via text message. They will also allow a user to trust a device. NOTE: As of this writing, AT&T’s version of Yahoo mail did not seem to support the multi factor authentication.