What is 2-Factor Authentication (and why use it)?
2-factor authentication increases your security.
You should use 2-factor authentication starting now. This is a mechanism, which is usually free, that increases your network security. According to https://en.wikipedia.org/wiki/Wikipedia:Simple_2FA, 2-factor authentication is “…a way of adding additional security on your account. The first “factor” is your usual password that is standard for any account, the second is a code retrieved from an external device such as a smartphone, or a program on your computer.” Here’s how to think of authentication.
1-factor authentication in action.
Suppose you check your Gmail. You visit Gmail.com and type your e-mail address. You then type your password and press (Enter). The password is one factor. Gmail challenges you to prove you are who you say you are. If you know the password, you pass the test.
On the UP side, this is easy. On the DOWN side, if someone guesses this password, they can log in as you. If you reuse passwords at various sites, someone can figure out your e-mail and password and log in as you at these sites. You become the next identity theft victim.
2-factor authentication in action.
Go one step further. 2-factor authentication rests on the premise of what you know (your password) and what you have (a device that gives you a PIN). This PIN may be visible in a smart phone app, in a text message or on a one-time password generator that I’ve seen banks and realtors use.
You visit a site, such as Gmail.com. Log in with your username and password. Then, Gmail sends a PIN to your smart phone. You read the PIN on your smart phone and enter it at the Gmail prompt.
Why deploy 2-factor authentication in Gmail (and Google as a whole).
Google lists the features behind 2-factor authentication at https://www.google.com/landing/2step/features.html.
- Get codes via text message. Google can send verification codes to your cell phone via text message. Your carrier’s standard messaging rates may apply.
- Backup phone number. Add backup phone numbers so Google has another way to send you verification codes in case your main phone is unavailable.
- Want a phone call instead? Google can call your cell or landline phone with your verification code.
- Backup codes. You can print or download one-time use backup codes for times when your phones are unavailable, such as when you travel.
- No connection, no problem. The Google Authenticator app for Android, iPhone, or BlackBerry can generate verification codes. It even works when your device has no phone or data connectivity.
- Register your computers. During sign-in, you can choose not to use 2-Step Verification again on your computer. We’ll still ask for codes or Security Key on other computers.
- Keep your account even more secure. Instead of using verification codes, you can insert a Security Key into your computer’s USB port for even more protection against phishing.
How it looks in real life.
Daphne runs a dental office in Folsom, CA. Keeping the practice up and running is her top priority. She realizes she runs most of her patient, insurance and vendor communications through her Gmail account. She deploys 2-factor authentication with the steps at https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome. She keeps her smart phone nearby. She knows that when she logs into her Gmail account, or any Google service for that matter, Google will send her a six-digit code.
She goes to work one Monday morning. She logs into her Gmail account then receives a text message. It reveals the current six-digit code. She enters that into the Google PIN prompt and reads her e-mail. Pretty simple, after the initial setup and overcoming the “am I doing this right?” doubts.
Daphne has 2-factor security. She knows that even if someone guesses or steals her Gmail password, they do not have the PIN and they do not have her smart phone. 2-factor authentication works for Daphne.
What happens if you don’t do it?
Allen does not see things the same way Daphne does. He decides that since he has been running his business without 2-factor authentication for 20 years, he does not need it now. He thinks it is a scheme for computer guys to make life more complex and generate more billable work. Sad but true, that is what Allen thinks.
One day, Allen opens his e-mail and sees order confirmations for TVs, DVRs and other consumer items. They were all shipped to an address 2,000 miles away. Most came from Amazon. He stands up and yells, “Hey, somebody hacked my accounts. Not only did they get my e-mail, but they also got into my Amazon.com and Buy.com. I had a good password of qwertyQWERTY. How did this happen?”
It happened because Allen used one password at several sites. He now has the inconvenient task of notifying his vendors to cancel the orders. He also has to set new passwords at every site where he was using qwertyQWERTY. He rethinks the 2-factor authentication idea his friend recommended last week.
Why bother?
2-factor authentication increases your security and protects you from a password thief. Someone can steal or guess your password but still be unable to log in to your Gmail. I use Gmail as an example here, but I’ve seen several services deploy this. Learn how to use 2-factor authentication. It increases your security at no additional cost.
The Wikipedia administrators learned this the hard way. They report, “It is really important for users with advanced rights to keep their account secure. In November 2016, a number of Wikipedia administrators (including the founder, Jimbo Wales) had their accounts compromised, which were then used to vandalise (sic) the encyclopedia. As well as causing widespread disruption, the affected administrators’ accounts were locked so they couldn’t do anything until it was beyond doubt they had regained control.”
Give it a shot or call (530) 677-8864 for some help.