How to Enable Two-Factor Authentication on Twitter (And Everywhere Else)

Deeplinks 2013-05-28

Summary:

Twitter rolled out two-factor authentication last week, joining a growing group of tech companies to support the important security feature. Two-factor authentication can help mitigate the damage of a password breach or phishing attack.

The Three Authentication Factors

  • A knowledge factor, like a password or PIN. Something you know.
  • A possession factor, like a key or a hardware dongle. Something you have.
  • An inherence factor, like a fingerprint or an iris. Something you are.

The principle comes from the idea that any authentication system—whether it's the deadbolt on your front door, the lockscreen on your smartphone, or the bouncer at a secret clubhouse—works by confirming something you know, something you have, or something you are. Each of these is called a "factor."

Normal password logins just check whether you know a password, which means anybody else who learns it can log in as you. Adding a second factor—in this case, checking something you have, your phone—means that even if your password is compromised by, say, a keylogger in an Internet cafe, or through a company's security breach, your account is safe.

That's important because phishing, which is one of the most common ways in which individual accounts are compromised, only gets information about passwords. Require a different factor, and phishing attacks become much more complicated and much less effective.

One example of two-factor authentication in the offline world is ATM cards. Normally, you need to both have a card and know its PIN in order to make a withdrawal. Online two-factor authentication brings the same concept to your services and devices.

As they become more popular, these systems have gotten increasingly user-friendly; it doesn't have to be a difficult trade-off of convenience for security. Here's how to enable two-factor authentication on Twitter, as well as on Google, Facebook, Dropbox, Apple, and Microsoft.

Twitter

Twitter has named its two-factor authentication system "Login Verification," and its announcement provides a straightforward guide on how and why to use it. It directs you to your account's settings page, where enabling the option is basically a one-click affair.

Unfortunately, for now Twitter only supports two-factor authentication by SMS, so if you don't want to attach your phone number to your account, or don't have reliable or secure phone service, it may not fit. Many of the other services outlined here already offer support for standard and secure offline authentication protocols. Hopefully Twitter will follow suit.

Google

Google was one of the first major services to make two-factor authentication (it calls it "2-Step Verification") widely available. It's got a landing page that explains two-factor authentication generally, and a single settings page for configuring it across various Google services.

Because many people use apps and devices without two-factor authentication support to connect to Google services, it's useful to also understand Google's one-time password system.

Google's Authenticator app, which is available on iOS, Android, and Blackberry, can generate login codes for any compliant service (including Facebook, Dropbox, and Microsoft) and is a popular choice.

Dropbox

Dropbox has a very clear tutorial on enabling two-factor authentication within that site, and supports authentication over SMS or over any of the popular authentication apps. You can enable the option in the Security section of your account settings, and it will require an authentication code whenever you sign into Dropbox on a new device or computer.

Facebook

Facebook calls its two-factor authentication "Login Approvals," and it allows you to use a mobile app to generate authentication codes while offline. You can enable it in the Security section of your account settings — and wh

Link:

https://www.eff.org/deeplinks/2013/05/howto-two-factor-authentication-twitter-and-around-web

Authors:

Parker Higgins

Date tagged:

05/28/2013, 22:30

Date published:

05/28/2013, 12:09