-
Notifications
You must be signed in to change notification settings - Fork 9
Two Factor Authentication
##Threats If an attacker gains access to your password through either malware or just plain guessing, they can log into your online accounts that may contain sensitive data. Two-factor authentication, sometimes known as 2FA, introduces another layer security that a malicious user needs to bypass.
##Solution There are three main types of authentication mechanisms in use today: what you know (passwords, usernames, SIN/SSN number); what you have (keys, access badges, your cell phone); and what you are (biometrics). Two, or multi, factor authentication refers to using two or more of these methods to prove you are who you claim to be. Wherever possible you should enable 2FA for all of your online accounts.
The most common 2FA method is your password plus a special verification code sent to your cell phone. That way only if you know your password, and have your cell phone, will you be permitted to log into the application. Facebook, Google, and Twitter all support 2FA so you should start by enabling it on these sites and then expand from there.
###Steps for Popular Sites:
- Facebook - "Login Approvals":https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920
- Google - https://www.google.ca/landing/2step/
- Twitter - https://blog.twitter.com/2013/getting-started-with-login-verification
##Resources
- Pretty comprehensive list of sites that support Two Factor Authentication - https://twofactorauth.org/