Two-step verification is now being used for more and more accounts. When we first started to use two-step verification for some accounts here at Small Dog, I was a little unsure how it worked and honestly thought it did nothing but slow my workflow down. The verification text or e-mail is occasionally delayed, which is frustrating. But after I had a break-in to an e-mail account, I’ve learned the value of this added security step. I was lucky: there wasn’t anything personal stored in the e-mail account that was compromised, but that is rarely the case for many users whose accounts are compromised or hacked.
It seems we hear about a new security breach almost weekly. I remember most recently one involving Yahoo accounts. Strong passwords are always recommended, and some sites even require them, but not all. We’ve talked a lot about not using kids’ and pets’ names for passwords. Keeping track of your passwords is becoming more and more complicated. I am a fan of (and rely heavily on!) iCloud Keychain password storage myself. I also use 1Password for some of my accounts. Using these kinds of password management systems can be critical not only to your organization, but also to your account security. Moving away from simple passwords to more complex passwords with special characters makes them harder to keep track of. I know I’ve more than once reset passwords and then found myself locked out because I couldn’t correctly remember the password… very frustrating. Using password management software to keep track of passwords as they get more complex is extremely helpful, but often a complex password isn’t enough. This is where two-step verification comes in.
With a normal account, a bad guy has to get only one thing to break in: your password. With an account that’s protected by two-step verification, breaking in becomes far more difficult. That’s because logging in requires both your normal password and a time-limited one-time password or numeric code. This one-time code is generated by a special authentication app and sent to you in a text message or via e-mail. This secondary passcode is only valid for a short amount of time, and you can only use it once. Depending on your account (you can’t control this yourself), you’ll either have to enter the one-time code each time you log in, or sometimes one code will cover you for an extended period of time. I have some Apple accounts where I have to use the code each and every time I log out of the account. For some of my e-mail accounts I only have to use the code once every 30 days. So it does vary.
Most accounts that offer two-step verification (some will require it) provide fairly detailed instructions on setting up your two-step authentication. One very important step is safely storing your recovery key. Your recovery key is your emergency lifeline or safety net if you find yourself locked out of your account for some reason. I was recently locked out of my Apple ID and easily got back in only because I had my recovery key handy. I do not recommend keeping your recovery key physically on your device; you should print it out and put it in a safe place. If you do choose to store your recovery key on your device, I recommend also printing and filing your recovery key. If you end up losing your device or a drive fails, etc., you’ll be thankful you have this on hand!
Ultimately, having two-step verification is the next best step for safeguarding your accounts, especially during the busy holiday shopping season! Does it have drawbacks? Sure, but I feel the perceived inconvenience felt in the beginning becomes second nature with time. My best suggestion is to have your mobile device set up, if possible, to receive your codes. Most of us carry our phones with us 24/7, so even if you’re not physically with the device that needs the verification, you’ll know when someone is trying to access your account and can quickly determine whether it’s someone who should be or someone who shouldn’t.