Two-factor authentication adds a layer of protection to the standard password method of online identification. You simply add another identification feature alongside your password and it’s usually a phone number. It’s free and quick and easy to do. Critics point out that because you usually have to use your phone number it’s just one more bit of information you’re handing over to a third party. This is true, but as hacks and database breaches become increasingly common it’s also one of the most practical and simple protection options available.
If you have a PayPal account and ever take a peek into the dark web
you might find yourself a little horrified. Alongside drugs, guns, credit and debit cards for sale you’ll often find PayPal accounts
The prices vary according to how much is in the account. You have to pay a little more for a PayPal account with $10,000 in it than you would for an account with $2,000 or $5,000. Of course the sellers kindly offer a ‘How to’ guide too so buyers’ can quietly extract the money without the legitimate owner knowing anything about it.
But why are PayPal accounts so popular? Well, it’s not just PayPal but any account of value that is poorly protected. If a hacker gets an account address all they need to do is crack the password. Given that most people use simple passwords, using software specifically designed for password cracking is an easy task.
However, if you introduce two-factor authentication into your accounts it becomes much more difficult, by several orders of magnitude, to access the account. The password acts as the first line of defence – so toughen it up
– and the second factor adds another barrier by introducing what is usually a phone number.
- To set up two-step verification for PayPal, first login to your account on the website. Click on your profile icon then Profile and then settings.
- On the left side of the page, click My Settings and scroll to the bottom of the page.
- Find Security Key and click on Get Started to the right. You'll have to enter your password again before continuing.
- Your Security Key page will have a message that says there are no keys currently activated.
- Click on the Get Security Key link at the bottom of the page and follow the prompts.
- You'll then need to enter a phone number. A confirmation code will then be sent to the phone number you specify via text.
- The security key page will then list your phone number and every time you access your account you will need to enter your password and then phone number.
- Sign in to your Facebook account. Click the drop-down arrow in the top-right corner and choose Settings.
- Select Security in the left pane, then click Edit to the right of Login Approvals.
- Next, check ‘Require a security code to access my account from unknown browsers.’
- A window opens explaining how log-in approvals work.
- Follow the prompts, which include adding a phone number to your account and entering a confirmation code that will be sent to your number.
- You can also take advantage of the code generator feature within Facebook's mobile applications.
- The code generator is found within the app by sliding out the More menu and scrolling down to the Settings section.
- There you will find a Code Generator option, which will display a six-digit code when launched.
Given that Yahoo recently set an unwanted record with 1 billion accounts being compromised
, and you want to hold on to your Yahoo account, it’s more than a good idea to not only change your password but also enable two-factor authentication.
- Yahoo's two-step verification can be setup by visiting your account settings page.
- Click on Account Security on the left side of the page.
- At the bottom of the list will be a switch to enable two-step verification. Sliding it to the On position will bring up a prompt asking you for your phone number.
- Enter your number, then click either Send SMS or Call Me in order to receive a confirmation code.
- Enter the code when you receive it, and you're done.
- Log in to your Dropbox account from a Web browser, then open the menu in the top-right corner and head to Settings and then Security.
- Click Enable next to the Status for Two-step verification. After entering your password, you'll be prompted to pick a method of receiving authentication codes in the future.
- You'll need to choose between receiving codes via SMS or using an authenticator app. SMS only requires a phone number and you're set.
If you plan to use an authenticator app, follow these steps:
- Scan the bar code with your authenticator app of choice.
- Enter the six-digit code from SMS or the authenticator app into box on the website.
- Dropbox will show you a 16-digit code to be used in case you lose your device. Keep this emergency backup code in a safe place.
- Click Enable and you're all set.
- Open the top-right menu and click on Manage next to Privacy & Settings.
- On the tabs along the bottom-left-hand side, click Account > Manage security settings (bottom of the left column).
- Under Two-step verification for sign-in, click Turn On. Enter a reliable cell phone number and then click Send Code.
- Enter the code you receive via SMS to log back in to the LinkedIn website.
- Setting up Twitter's two-factor authentication requires you to use a computer and visit your security settings page.
- Tick the box next to ‘Send login verification requests to (my number).
- If you don't already have a phone number attached to your account, follow the prompts to add one.
- With the box is ticked you’ll receive a series of prompts letting you know that the service is about to be enabled, and that you need to connect your mobile phone number to your Twitter account.
Two-factor security isn’t infallible – but it is a good step towards protecting against account compromises. A case in point is the 1 billion account Yahoo breach
If a Yahoo user had a strong password in place bolstered with two-factor authentication the likelihood of hackers being able to breach the account may have been severely diminished if Yahoo had encrypted the two-factor steps.
BullGuard Premium Protection
offers the best safeguards against these types of account breaches. It includes identity theft protection that alerts you immediately if any of your personal details are discovered online.
For instance, when a company is breached, emails, passwords, bank details, card numbers and so on are typically sold on dark web forums and web sites
. BPP trawls the internet 24/7 and using a special algorithm
searches for the personal information you want to protect. It’s the best way of safeguarding your sensitive data because if it is stolen as soon as it appears for sale
, or someone tries to use it, you know about it and can take steps to defend yourself against loss.