Safer Passwords

The traditional online account has a username and a password. This method is much easier to hack, especially when the same password is used for many sites(I still do this). The difference with two-step verification is adding a password that you don't choose, aka a one-time password. It can be sent to you via text message (SMS) or it could be a code that is changing via an application (pictured right).


You might have heard about two-step verification (sometimes called two-factor authentication - 2FA), but chances are you don't know much about it or you haven't taken the time to set it up. Let's change that! I have seen too many Facebook and email accounts get hacked. Don't be next!

There are different ways to have two-step verification on Facebook, Google and others:

• Receive a text message or voice call with a one-time password (OTP). This is usually pretty easy to setup. This requires a cell phone that receives texts (SMS).
• Google Authenticator Application: I use Google Authenticator for most websites and applications. Click here for the WikiPedia page that shows all websites and apps that can use Google Authenticator. You'll need a smartphone or tablet for this method.
• Your Google account can even be protected with a USB key. I have not purchased a U2F key, but it seems like a pretty cool concept. Here is the Google support information on this method.

Most applications and websites allow you to remember devices that won't continue to ask you for your password. Enabling two-step verification just helps protect you when you sign in on a public computer and stops unwanted hackers from being able to access your account. I usually have my phone on me so this is not a problem. I love being able to keep the same password for everything without being so reckless. The video below explains Multi-factor authentication:

• Facebook tutorial
• Google help
• Apple ID information
• Twitter has 2FA built in to the phone application
• Snapchat help
• Extensive list of websites that use 2FA (two-step verification)

Twitter and Apple are the only websites/services that I can't connect to my Google Authenticator Application. Twitter either sends SMS or lets you approve login requests from the mobile phone application. I have had to move Google Authenticator to a new phone which is more difficult, but it can be done. You must be careful so that you don't lose access to any accounts! When I moved between iPhones, backing up my phone to iTunes and setting up the new device from the backup worked pretty well. It is nice to have as many services in one place, but it can be easier to just set up texting one-time passwords. Some websites still do not have 2FA yet! It will be interesting to see where technology takes us. Facial recognition and fingerprint scanning are already available on some smartphones!