Lately, there has been lots of news about various bank accounts being hacked, including the network of the International Monetary Fund, the biggest piggy bank of them all. Coincidentally, there was the news that both Facebook and Google’s Gmail have beefed up their security with two-factor authentication. They both now have optional mechanisms for making your login process more secure.
Two-factor authentication is called that for a reason: you need more than just typing in your username and password. You also need something that you have on your person, rather than something that is easily known to anyone else (like your mother’s maiden name or birth date). Both sites text a short string of numbers to your cell phone as part of the login process: once you set this up, as long as you have your phone nearby (and who doesn’t?), you can be sure that no one else can log in to your account.
Older forms of two-factor authentication used small key fobs that had a button: when you pressed the button you got a code number that you typed in at the moment you were logging in. The number changed every 30 seconds or so, making it difficult to hack. Using a cell phone is much more convenient: the fobs were forgotten or lost.
Two-factor authentication has been around for a long time, and lately has gotten a black eye, thanks to the behavior of RSA, one of the leading companies in the market. Their SecurID system was compromised several months ago, and the company has been slow in getting the word out and replacing the fobs for its customers. As a result, several of its competitors have stepped forward and offered deals on replacements.
I’ve had a fob for my eBay/PayPal account for several years: I think it cost $10. You can still get them, although there are free alternatives available from Symantec’s Verisign Identity Protection program that can make use of your smartphone.
But even better is what Google and Facebook have put in place. If you have a Gmail account (but not a Google-hosted email account, sadly), you can get this set up in about 10 minutes: go to your account’s personal settings, where you should see a menu item for two-factor authentication, and follow the instructions shown in their blog.