Every day, more and more of our personal information flies around on the Internet and so data security becomes increasingly important. Unfortunately for average Joe the web user, security has been stagnant for years; you pick your username and password, and you take your chances.
Fortunately, Google is making some authentication and security options much robust for those who want it. Enter “two-factor authentication” which was available to Google Apps customers since September and is now rolling out to everyone. The interface is a bit confusing, and the set-up process is cantankerous, but it’s well worth looking into if you’re looking to up your security quotient. You can activate this new security option by hitting the ‘two-step verification’ link on this page.
So, what exactly does it do? Well, when you login to your Google account, you’ll need to enter both your existing password and a second passcode — one that you can’t write down, memorize, or lose, because it’s always changing. Because the second passcode is dynamic, it’s nearly impossible to phish. This second password is generated by new mobile app called ‘Google Authenticator’ which is available for Android, iPhone, and BlackBerry. The code can be generated with a non-smartphone by having Google call or send a text message to the phone number that you enter during the feature setup. Much like Agent Maxwell Smart, your generated password will only be good for a short period of time.
It’s not as work intensive as it sounds, because you can elect to only require this second password once per computer. This is enough to prevent phishing, but doesn’t mean you’re generating new passwords each time you log on. In order to save passwords in most desktop apps, you’ll have to generate a unique app-specific password for each application that you would like to protect. But again, you can save this in your key chain so you only have to do it once per app.
So, maybe you’re thinking “that’s great, but what if I change phones for some reason?” Well, you can designate a second, backup phone number to which the passcodes can be sent. Two-factor authentication isn’t a new idea. Business folks probably remember getting a code off of their key fob to access the office VPN for years now. However, giving consumers access to this same protection is a big win for security of personal information.