Q: Let’s talk two-step authentication. As I understand it, the system improves security by requiring the user to log in by typing in his/her user ID, a password, and then a second password received from the app (in my case, Apple’s iCloud) on another device. So, for instance, I go to access something from iCloud on my iPad and — in order to log in — must have another of my devices (desktop computer or phone) handy to receive the second (single-use) password. On top of that, it seemed like the second password was supposed to be appended to the first password in order to complete the login (this was unclear, and in some cases, with some apps, unnecessary). Not only that, but if my device had so much as taken a nap, and I woke it to access something from iCloud (calendar, contacts, some other mundane thing), I had to log in again. Which meant making sure I had two devices close by nearly all the time. This system drove me nuts. Eventually, reluctantly (I’m a big fan of cyber-security), I shut it off. What do people who have only one device do? Or am I the only security-conscious person on the planet who doesn’t regularly carry around two devices? Is there an alternative I’m not aware of? ~ R. Norman
Tech+ If you really want to be as proactive as possible and protect access to email, financial and other personal accounts, two-factor authentication is recommended — and it makes sense.
This forces people to prove you are who you say you are at least twice before an iPad or other device lets you in. In some cases, you may need to verify your identity when using a new browser that a site like Facebook or Chase Bank hasn’t verified is connected to your account.
The idea is that if someone does steal your iPad, they need to know your password plus be able to receive a one-time code on your smartphone. Just knowing your password won’t get them in.
This second factor isn’t limited to an app. It can be a text message, a phone call or printing out one-time use codes ahead of time. You can usually set up two-factor authentication within a program or device’s settings.
Two-factor does add an extra step for people, but that means it’s even harder for imposters to break into your personal accounts. For the most part, once you sign in and are verified and register your devices, most services keep you logged in unless you sign out completely.
Here’s what the major tech players offer:
- Apple ID Two-Factor Authentication: This is Apple’s newer security method that adds additional security and is built into newer operating systems. The older method — called two-step verification — is for older devices or non Apple devices. Start with registering your devices as trusted devices or trusted phone numbers. Then when you try to log into a new device, a notice pops up automatically on the trusted devices, like an iPhone or MacBook or Apple Watch or Apple TV. Apple will send codes via app, text message or voice call. More details on Apple’s site: dpo.st/apple2f
- Google 2-Step Verification: After registering devices and phone numbers, Google’s 2-Step Verification also provides verification codes via text, voice call or its Google Authenticator mobile app. You can also use a USB security key, instead of a smartphone. Google provides one-time backup codes that you can print out to use when a phone is unavailable. More details at google.com/2step.
- Facebook Login Approvals: Provides the verification codes via text message or its Code Generator mobile app. Facebook also allows third-party authentication apps Google Authenticator and Duo to get one-time codes. If you know you’ll be traveling and without phone service, you can print out one-time use codes via Facebook’s security settings. You can also set up “trusted contacts” to designate friends as your two-factor buddies because they’ll need to then share a code with you. More details at dpo.st/facebook2f
Miss a week? Then subscribe to the new weekly Tech+ newsletter to get this week’s question and more delivered to your inbox. Sign up, see past Tech+ answers or ask your own tech question at dpo.st/mailbag. If you’re emailing your question, please add “Mailbag” to the subject line.
