Please note that all of these steps are necessary as you chose to use these digital tools. It is your responsibility to ensure the privacy and security of your materials and data in these spaces. You cannot trust that these companies will just do it for you. In the same way that you ultimately need to accept responsibility and remain vigilant, you also need to be responsible as you use these texts and tools.
What is two factor authentication?
Many services, including (e.g., Facebook, Google, Twitter, Tumblr) let you enable two-step or two factor authentication (2FA or TFA).
Two Factor Authentication is an extra layer of security that is known as “multi factor authentication” that requires not only a password and username but also something that only, and only, that user has on them. For example, this a piece of information only they should know or have immediately to hand, such as a physical token. Historically, two-factor authentication is not a new concept but its use has become far more prevalent with the digital age we now live in.
Using a username and password together with a piece of information that only the user knows makes it harder for potential intruders to gain access and steal that person’s personal data or identity. This means that in addition to a password, you’ll need to prove that you have access to a second trusted device. Two factor authentication prevents a third party from logging in to your accounts even if they’ve stolen your passwords.
Basically, you’ll be using your password to log in to your accounts and services. You’ll then be using a randomly generated (usually) six number key as well.
2FA in action
Two factor authentication in action will require that you have an outside device as you are trying to log in. This would mean that as you’re sitting at your laptop/desktop computer, you also have your mobile device (phone/tablet). As you try to log in to something like your Google Account, a box would pop up like the one below after you enter your password.
In action this means that you would log in to Google. You would then be asked to enter a six digit code that is on your mobile device. You would pick up your mobile device and open an app that would give you a random six number code. These six digit codes re-generate after a set period of time (usually 60 seconds). You read the numbers from your mobile device and then enter them into the box below on your laptop/desktop.
Now…you’re logged in. Let’s look at the tools I use to make this happen.
Turn on 2FA now
First, install Authy on all of your devices.
There are many apps available that will store your verifications codes. You’ll need to have access to these each time you log in to a service.
I’ve been using Authy for several years and it (IMHO) is the easiest of the 2FA to manage. Install it on your Android, or iOS (iPad/iPhone) devices. I like Authy because it will use 2FA for multiple accounts. I use it for LastPass, Google, WordPress, and Twitter.
Follow this guide to start up a Google Authentication account with Authy.
I do not use the Chrome app and Chrome extension. This is sometimes an annoyance as I’ll have to dig my phone out in class when logging in to the classroom. I also use this as a teaching moment to show my students what the process looks like.
Second, turn on 2FA for all of your accounts.
Not all of your accounts will offer 2FA. You should also note that even if a service offers 2FA, there is no standard, so their set up procedure might look a bit different across services. Some of the services will have you use Authy while others will send an SMS message to your phone with your verification code.
Follow this series of guides to turn on 2FA for all of your accounts.
Third, stay vigilant.
You should keep an eye out for other services that you use to see if they include 2FA. 2FA will also be used in concert with other systems that you have in place. This means that you’ll need to integrate this into your password management system.
Keep in mind that as you add layers of privacy and security, you may also be adding some extra work for yourself. You decide what level of comfort/discomfort is appropriate for you.
It is your responsibility to pay attention to your privacy and security using these tools. No one is looking out for your best interests in using them. This includes the companies that are providing the services.
If you bought a house, you wouldn’t think twice about checking for doors and windows that lock. You might also think about curtains for the windows to give some privacy. You don’t expect the builder to come make sure that it was safe and secure. That is your responsibility.
As you use these new digital spaces and tools…this is your responsibility as well.
If you value information like this…subscribe to my weekly newsletter to be the expert.
Also published on Medium.