Yesterday I wrote a post on using a password manager to protect your online passwords. Today I am going to suggest you use two factor authentication to further protect your online identity.

How is Security accomplished?

Access security is based on:

• Who you are
• What you know
• What you have.

For example: using an ATM requires 1. something you have (your debit/credit card) and 2. something you know (your pin).

What is two factor authentication?

Generally speaking, signing onto a an online site requires a username/email account and a password. So, in this case the username is who you are, and the password is something you know.  Using the user’s email address is becoming more and more common, principally because each email address is unique, but it is not hard for someone to impersonate you just by knowing your email address.

Two factor authentication adds an additional level of security by requiring something you have.  Most two factor schemes use a smart phone app that produces a time-based code that you need to log into your account.  These apps are available for iphone, android and windows phones. You also turn on two factor on a site-by-site basis.

A back-up code is offered that allows the user to get a code by sms, or a phone call to your home or mobile phone if your smartphone is not available.  You also can deem devices as secure, so you only need to authenticate your desktop computer once, and then it only asks you for your username and password to sign in.

Two factor authentication is becoming more and more prevalent on the web.  The most often used site: Facebook, Twitter and Google all allow two factor.  There are a growing list of sites that use two factor, and is available from here.

Even if you don’t want the minor inconvenience of using two factor on all you accounts, consider using it for sites that you want to be sure isn’t compromised, such as your email or bank accounts.