Here is why you must set up two-factor authentication (also called 2-step verification, or simply “2FA”) wherever you can. Many places now offer it, including Facebook, Paypal, Twitter, and, of course, Gmail (Google). You may in fact remember the story of how Naoki Hiroshima lost their Twitter account, valued at $50,000, to a hacker. Basically the hacker managed to get into and redirect Hiroshima’s email domain, allowing the hacker to do password resets on some of Hiroshima’s accounts, and intercept the password reset emails. It’s very easy for someone to do a password reset on an account if they have the email address, however with 2-factor authentication is becomes a lot harder.
[Read Naoki Hiroshima’s “How I lost my $50,000 Twitter username”]
The Naoki’s case, the hacker first tried hacking into Hiroshima’s Paypal account, which didn’t work, because they were stymied by Paypal’s two-factor authentication. (Unfortunately, the hacker then simply called Paypal, and through some social engineering got a Paypal employee to give the the last four digits of Hiroshima’s credit card on file, which in turn the hacker used to convince GoDaddy that they were Hiroshima.)
Anyway, all of this serves to highlight this: You should have two-factor authentication set up with every account that offers it. And, if you are using a service that doesn’t offer it, you should request that they do. Maybe even threaten to switch to another, similar service that offers it – in fact, maybe actually switch to another service that offers it.
(Two-factor authentication is basically having two passwords, the second one of which is randomly generated, and is good for only a few minutes, and is delivered to you through a device, an app, or an SMS text message.)
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Whenever possible you should set it up as an SMS text message direct to your mobile phone.
Here’s why: Some places (such as Paypal) offer you a separate device with which to generate a special one-time code, like a keyfob or credit-card sized “security key”. Other places, such as Google, offer you a standalone app that will generate a special one-time code for you. But (nearly) all places offer the option of having the random code for your 2-factor authentication delivered to you by SMS text message.
Paypal’s Security Key Options
Now. Imagine you use the security key offered by Paypal. And imagine that you lose your wallet in which you keep the security key. Suddenly you are locked out of your Paypal account.
Similarly, imagine that you use the Google authentication app on your phone. And you lose your phone. Even if your phone doesn’t fall into the wrong hands, you have no way of accessing your Google account, because you can’t get the code from the app.
But, if you instead have set up all of your two-factor authentications to come to your cell phone as text messages, and if you lose your phone, it’s a simple matter of having your phone carrier (i.e. AT&T, Verizon, T-Mobile, etc.) turn off the SIM card in your lost phone, and reactivate it in a replacement phone. You will have the same phone number, and your two-factor authentication texts will still come right to you.
All that said, here is a list of the more popular services and social media of which we are aware that offer 2-factor authentication. To the best of our knowledge, they all also offer the code-by-SMS-text-message option, unless otherwise noted. If you run into any that don’t, or if you know of other services that offer 2-factor authentication, please feel free to add them in a comment!
Facebook two-step authentication (called “login approvals”)
Twitter two-step authentication.
Paypal two-step authentication (called “security key”)
LinkedIn two-step verification
GoDaddy two-factor authentication
Yahoo two-factor authentication
Microsoft/Live two-factor authentication
Apple two-step authentication
WordPress.com two-factor authentication
Amazon Web Services (AWS) two-factor authentication
Dropbox two-factor authentication
Evernote two-factor authentication
Lastpass – unfortunately Lastpass doesn’t offer an SMS option, you have to use the Google authenticator app.
For a more comprehensive list of websites and services that offer two-factor authentication, incuding financial services such as CitiBank, Bank of America, and Charles Schwab, see Evan Hahn’s Two-Factor Auth List.
For a list of domain registrars that offer two-factor authentication, see Elliot Silver’s List of Domain Registrars that Offer Two-Factor Authentication over at DomainInvesting.com.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.