Getting Serious With Two Factor Authentication and Mobile Security
While using conventional passwords as your main protection when it comes to securing all of your valuable online accounts and data is easier to manage than TFA, it’s a lot harder to manage in a way that actually gives you ideal security. This is because, to be truly secure, a solitary password needs to be very long and difficult to guess –as random as possible and different for each of our online accounts.
And because most of us run multiple online accounts, sticking to a rule like that can become very hard. For this reason a lot of people reuse the same password or stick to very simple and very weak passwords (such as a wife’s name, place names, etc)
With two factor authentication, most of the above problems disappear. Thanks to an added extra layer of security that makes depending on robust passwords less necessary than before and keeps our data protected even if our passwords aren’t very protective –though this isn’t to say that you should forget about being careful with how you choose your passwords anyhow.
Let’s cover some TFA options for our daily world of practical data protection.
• Your Most Powerful Two Factor Tool: Your Phone
Before we get down to where you can and should apply TFA protection for maximal data security, we need to cover the single most powerful and commonly used tool for implementing factor authorization: your mobile phone.
[ Don’t Miss: Advantages of A GPS Tracking Cell Phone ]
Since almost all of us have at least one mobile phone and usually own a phone that’s also a smart phone, the ubiquity of these devices makes them the perfect TFA verification tools. Instead of the expensive electronic tokens and password generators that older TFA options offered (and some still do) phones are an excellent and already available substitute.
The secondary authentication code that is the core of a TFA system can be delivered via various formats through a mobile phone. Most delivery protocols offer to send you your secondary access key via SMS message but you can also accept it via voice call or even via WiFi enabled communications mediums for times when a network signal isn’t available.
Furthermore, because most of us keep our phone securely with us at all times, we’re less likely to let it get misplaced or lost as might happen with a simple physical password generating token.
Now let’s cover some options for actually applying TFA
• Protecting Social Media
Our social media accounts aren’t any more just about staying in touch with friends and posting silly jokes to someone else’s feed or wall. These days, with platforms such as Google+, Twitter and LinkedIn, your social media presence is a major component of your entire online relations and networking strategy; it’s not something you can afford to have hacked and devastated by intruders because the consequences could be catastrophic.
This is why virtually every major social networking platform now has TFA options enabled in its security settings in a way that’s easy to set up.
Specific options vary but as a general rule, by logging into any one of your social media accounts and heading over to your account security settings under the general account settings for any account, you should be able to find a TFA enabling option procedure listed. In most cases, such as with Google, Twitter and Facebook, you’ll be asked to hand over your phone number and establish secure machines from which you want to log in without having to use TFA. From then on, any time you try to access a social network account from an unknown IP address, your own account will prompt you to type in the SMS password it sends to your phone just as you try to log in.
In the case of Google+, the TFA system you enable will also apply across the board to all of your Google accounts, from email to Google Drive Cloud storage, making the whole process much easier and more convenient.
• Cloud Storage, Email and Other Data Systems
As a general rule, only use online database and data storage platforms that offer you TFA as an option. Whether they have it or not is a great metric for how serious they are about their clients data security.
Thus, for email. Gmail is probably your best option since it’s enabled with the same TFA that you’ll find enabled with any other Google account. In the case of cloud storage options, shop around for providers that clearly offer two factor protection; a couple of easy choices are Google Drive (as described above, because it connects to your general Google Account) and DropBox, which also offers its users multi-factor security.
Moving beyond email and cloud storage, what about other more active online data platforms such as Cloud computing APIs and Website hosting?
Well, in both cases TFA is also becoming much more common than before. Cloud APIs for app developers such as Twilio now offer TFA to all their users, as shown here: Aand even hosting providers are getting into TFA because they’re realizing the customer service and security benefits of protecting clients with extra security layers. One notable example of this is the hosting provider Dreamhost, which has put up this whole wiki dedicated to letting its clients know how they can protect their valuable hosting servers: enabling multifactor authentication.
Like social media, email and cloud storage TFA, most of the above also depend on you using your handy mobile phone as the delivery medium for your TFA security codes.
[Don’t Miss: Developers Approach to iPhone Application Development ]
• What About your Phone Itself?
Since your phone is s important to maintaining the digital security of all your online accounts, you obviously need to protect the phones security integrity too. Now on the one hand, this involves the obvious such as not letting your phone out of sight, blocking it with an access code screen and setting up a remote data wiping program on it in case it does get stolen, but on the other hand, what about TFA for the phone itself?
Sadly, this is something that’s still in its infancy; since phones are the basis of most other TFA systems, few developers have put a lot of effort into making the phones themselves dependable with factor protection. However, within the limited number of known options available, you can set up a sort of ad-hoc protection by downloading and enabling any reliable access security applications that are available for your phone model or OS. You can also double your data protection by making sure that anybody accessing your phone can’t also access all the online accounts you access through it. The simple way to do this: log out of anything you have open on your mobile any time you’re not using it.
What’s your strategies for two factor authentication? Do share your views in the comment section, we’ll be glad to hear from you.Posted on: February 24, 2019, by : Jason