Not long ago, Tina told you all about two-factor authentication, how it works, and why you should use it. In a nutshell, two-factor authentication (2FA), or two-step verification as it’s sometimes called, is an additional layer of security added on top of the standard user and password.
When you log into a website that offers two-factor authentication, you need to enter an additional password or PIN in order to fully log on. This extra password can be sent to your mobile device, generated by a designated app, or even by a special device. Since you must have these two passwords to log in, it’s much harder for someone else to break into your account.
With security issues on the rise and due to the increasing amount of sensitive information stored online, more and more services are starting to offer 2FA. You can go through Tina’s article if you’re not sure why you should use it or where, but in general, if you use a service to store sensitive information, and it offers two-factor authentication, you should probably enable it. Read on to find out if the services you’re using offer this option.
Note that many banks offer 2FA these days. We can’t list them all, but if you do a lot of online banking, find out if your bank offers this service.
For many, Google and Gmail are almost synonyms, but 2FA is an option for any service you use under your Google account. Setting it up is really easy; when enabling it from the 2FA setting page, you can choose to receive the additional code by text message or voice call. You can also download the Google Authenticator app to generate codes on your Android, iPhone, Blackberry or Windows Phone device. This app can come in handy for other services as well.
If you don’t want to enter the extra code every time you log into Gmail, you can specify computers you trust, in which case you won’t have to enter the extra code. Read more about setting up 2FA for your Google account here.
Dropbox added this option only recently, following a significant security breach. You can enable it from your account’s security settings – scroll all the way down to “Account sign in” and find “Two-step verification”.
With Dropbox, you can choose to receive the code via text message, or generate it yourself on your Android, iPhone, Blackberry or Windows Phone device using one of the supported apps.
Facebook is especially vulnerable to account breaches, and it can be very unpleasant to have someone take over something as personal as your Facebook profile. To avoid that, you can enable a feature called Login Approvals, which will require an additional code every time you try to login from an unrecognized computer or device. You can enable Login Approvals through your account’s security settings.
Note that in order for this feature to work, you need to add a mobile phone number to your Facebook account, and also let Facebook remember your computer and browser. It will only ask for the extra password when it detects an attempted login from a new computer or device. Read more about enabling this feature here.
LastPass is one of the most popular password management systems out there, and there’s nothing in need of more protection than a vault full of passwords. For this reason, it’s a good idea to set up 2FA for your precious LastPass account, and the sooner the better. LastPass offers 2FA using Google Authenticator, and you can easily enable it in your LastPass account settings.
After it’s set up, you will need to use your mobile device to generate an extra code when you log into your LastPass vault from an untrusted device. You can read more about setting up 2FA for LastPass here.
If you’re worried about someone taking over your blog, why not give it the ultimate protection by enabling 2FA? In WordPress, 2FA can be enabled on a per-user basis, so if the blog has several users, you can enable it only for some, or only for the administrator.
WordPress also makes use of Google Authenticator (told you it would come in handy!), and you’ll have to install a WordPress plugin in order to enable it. Read more about it here.
While not as popular as it used to be, many users still sport a Yahoo! account, and even use it for email. This is good enough reason to want to protect it, and Yahoo! does offer a 2FA feature, of sorts. It’s called Second Sign-In Verification, and will only ask for an extra password if you’re trying to log in from an untrusted computer.
You can enable this feature in your Account Information, and choose if you want to receive the code by text message or email (a different email, obviously). It’s pretty old fashioned, but it’s better than nothing.
Amazon Web Services
Although you can’t set up 2FA for your regular Amazon account, it is available if you use Web services such as S3. It supports Google Authenticator, and there’s not much to do in terms of setup. You can find out just a bit more about it here.
Notable Absentees: Microsoft
Surprisingly, Microsoft doesn’t really offer 2FA for most of its services. According to this forum thread, some service such as Xbox Live and SkyDrive do offer some form of it, but it’s only by text message or to an alternate email. It’s worth mentioning, though, that Microsoft had recently acquired PhoneFactor, a two-factor authentication app, so it might have something planned in that regard.
These are only some popular services that offer two-factor authentication; there are probably many smaller one that offer this feature. This is where you come in. If you know of or use a website that offers two-factor authentication, tell us about it in the comments. Help us turn this post into a much bigger and more useful list for everyone!
Image credit: lock image via Shutterstock