I spent the weekend in Chicago at BlogHer13. One of my jobs there was to do a couple of sessions in the Geek Bar on two-step verification. While I have the information at my fingertips, here are the whys and hows of two-step verification
Why is every big company bringing in the opportunity for users to sign up for two-step verification? Horror stories of hacked accounts, mostly. All these companies have made it possible for you to use two-step verification.
Two-step verification adds a layer of security to your account and makes it harder for your account to be hacked.
Once your account has been breached, it can be used to broadcast spam or malicious links. Your password can be changed. Your information can be changed or removed (and there’s no way to get it back). If it is a Twitter or Facebook password that someone has figured out then all the sites that you sign into using Twitter and Facebook have been compromised as well.
You still need a strong password, even if you opt in to two-step verification. Remember that.
If you use two-step verification, here’s how you do it.
- Sign in to your account on Facebook or Gmail or whatever service you are using. Find the settings in your profile.
- Sign up for two-step verification and provide your mobile phone number
- Now, when you go to the site and enter your password to sign in, you may be required to enter a second access code, which is sent to your mobile phone
On Facebook, for example, enable ‘Login Approvals’ from the ‘Account Security’ section of the account settings page
On Twitter, visit your account settings page. Make sure you have provided a phone number. Check the “Require a verification code when I sign in” box
Unless a hacker has your phone in his hand, he may have guessed your password, but he won’t have the code that gets sent to your mobile phone.
It depends on which company you are using whether you are asked to enter the second code every time you sign in. If you are signing in from a recognized device, you may not be asked for the second code.