{"id":26166,"date":"2016-12-28T15:24:56","date_gmt":"2016-12-28T20:24:56","guid":{"rendered":"https:\/\/www.computeradvantage.us\/v3\/?p=26166"},"modified":"2016-12-28T15:24:56","modified_gmt":"2016-12-28T20:24:56","slug":"understanding-two-step-verification","status":"publish","type":"post","link":"http:\/\/www.computeradvantage.us\/v3\/understanding-two-step-verification\/","title":{"rendered":"Understanding Two-Step Verification"},"content":{"rendered":"<p>It seems that we can\u2019t go a week without hearing about some new security breach involving tens of thousands or even millions of passwords. That\u2019s why it\u2019s essential that you use strong passwords (and manage them in a full-featured password manager like <a href=\"https:\/\/1password.com\/\">1Password<\/a> or <a href=\"https:\/\/www.lastpass.com\/\">LastPass<\/a> or, for a more basic approach, <a href=\"https:\/\/support.apple.com\/en-us\/HT204085\">iCloud Keychain<\/a>). But many major Internet companies like Apple, Google, Facebook, and Dropbox offer an option for a higher level of security, called <i>two-step verification.<\/i><\/p>\n<p>With a normal account, a bad guy has to get only one thing\u2014your password\u2014to break in. With an account that\u2019s protected by two-step verification, however, breaking in becomes far more difficult. That\u2019s because logging in requires both your normal password and a <i>time-limited one-time password<\/i> that is generated by a special authentication app or sent to you in an SMS text message or via email. What\u2019s important about these secondary passwords is that they\u2019re valid only for a short time and they can be used only once. You have to enter these secondary passwords only the first time that you log in on a particular device or in a particular Web browser, so they are just an occasional extra step, not a daily inconvenience.<\/p>\n<p>Sites that offer two-step verification will provide setup and usage instructions, but the basics are as follows. You\u2019ll enable two-step verification in the account settings, and then tell the site how you\u2019ll get the one-time password when you want to log in, generally providing your phone number or email address. For services that use an authentication app like <a href=\"https:\/\/itunes.apple.com\/us\/app\/id388497605\">Google Authenticator<\/a>, <a href=\"https:\/\/www.authy.com\/\">Authy<\/a>, or <a href=\"https:\/\/support.1password.com\/one-time-passwords\/\">1Password<\/a>, you\u2019ll have to scan a QR code on screen or enter a secret key\u2014either way, that seeds the app with a value that enables it to generate a valid one-time password every 30 seconds. Make sure to record any backup codes the site provides; they\u2019re essential if you lose access to your phone or your email.<\/p>\n<p>When it comes time to log in to a service protected by two-step verification, you\u2019ll enter your username and password as you normally would. Then, however, you\u2019ll be prompted for a one-time password, and the service will either send you one via SMS or email, or require you to look it up in your authenticator app. Since a bad guy who might have obtained your normal password would also have to intercept your text or email messages, or have stolen your mobile phone (and be able to get past its passcode), you\u2019re far, far safer.<\/p>\n<p>Most sites that use two-step verification don\u2019t require that you enter a one-time password on every login, since that would be overkill. It\u2019s also unnecessary to enable two-step verification for every account you might have\u2014there isn\u2019t much liability to someone logging in to your New York Times account since they couldn\u2019t do anything diabolical once in. For more-important accounts\u2014email, social media, cloud services, banking\u2014you absolutely should use two-step verification for added protection so a bad guy can\u2019t impersonate you to your friends, receive email-based password resets for other sites, or access your most important data.<\/p>\n<p>You may also hear the term <i>two-factor authentication,<\/i> which is even more secure than two-step verification when implemented correctly. That\u2019s because two-factor authentication combines <i>something you know<\/i> (your password) with <i>something you have<\/i> (such as a secure token keyfob that generates time-limited one-time passwords) or <i>something that\u2019s true of you<\/i> (biometric info like a fingerprint or iris scan). It might seem like using your iPhone to get a text message or run an authenticator app qualifies, but if you end up doing everything on a single device that could be compromised, it\u2019s not true two-factor authentication.<\/p>\n<p>Regardless of the terminology, going beyond a single password, no matter how strong, significantly increases your security, and you would be well served to employ such a security technology for your most important accounts. To learn more about why strong passwords are necessary, using password managers, and even more details behind two-step verification and two-factor authentication, check out <i><a href=\"http:\/\/tid.bl.it\/passwords-tcn\">Take Control of Your Passwords<\/a>.<\/i><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For your most important accounts, things like email, social media, cloud services, and banking, you should go beyond a password and protect them with two-step verification. Learn more on our blog.<\/p>\n","protected":false},"author":1,"featured_media":26188,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"wds_primary_category":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[66,56,39,71,52,123,124],"tags":[],"class_list":["post-26166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article","category-asmc","category-blog","category-explainer","category-iphone","category-passwords","category-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2016\/12\/2SV-photo-1080x675.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6YLEm-6O2","jetpack-related-posts":[{"id":27460,"url":"http:\/\/www.computeradvantage.us\/v3\/five-things-you-should-never-do-with-passwords-and-three-you-should\/","url_meta":{"origin":26166,"position":0},"title":"Five Things You Should Never Do with Passwords (and Three You Should)","author":"computeradv","date":"January 11, 2018","format":false,"excerpt":"Passwords are the bane of our modern existence. Nearly anything you want to do, it seems, calls for a password. As the Internet\u2019s reach extends beyond computers and into phones, TVs, appliances, and even toys, we have to enter passwords with increasing frequency and in ever more annoying ways. To\u2026","rel":"","context":"In &quot;1Password&quot;","block_context":{"text":"1Password","link":"http:\/\/www.computeradvantage.us\/v3\/category\/1password\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2018\/01\/Password-Rules-manager-icons.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2018\/01\/Password-Rules-manager-icons.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2018\/01\/Password-Rules-manager-icons.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":26710,"url":"http:\/\/www.computeradvantage.us\/v3\/get-two-factor-authentication-working-in-older-apple-systems\/","url_meta":{"origin":26166,"position":1},"title":"Get Two-Factor Authentication Working in Older Apple Systems","author":"computeradv","date":"June 14, 2017","format":false,"excerpt":"Apple is increasingly encouraging us all to turn on two-factor authentication for our Apple IDs because it adds an extra layer of security on top of the password. With two-factor authentication, when you log in to iCloud or iTunes for the first time on a new device, it prompts you\u2026","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"http:\/\/www.computeradvantage.us\/v3\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/tip-2FA-older-systems.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/tip-2FA-older-systems.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/tip-2FA-older-systems.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/tip-2FA-older-systems.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":33385,"url":"https:\/\/www.computeradvantage.us\/v3\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes\/","url_meta":{"origin":26166,"position":2},"title":"How to Take the Annoyance Out of Your Key Passwords and Passcodes","author":"computeradv","date":"August 19, 2021","format":false,"excerpt":"Password managers are essential, but you must still remember and enter some passcodes and passwords. Read on for our advice on how to create ones that are secure, memorable, and easy to type.","rel":"","context":"In &quot;Blog&quot;","block_context":{"text":"Blog","link":"http:\/\/www.computeradvantage.us\/v3\/category\/blog\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2021\/08\/how-to-take-the-annoyance-out-of-your-key-passwords-and-passcodes.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":30311,"url":"https:\/\/www.computeradvantage.us\/v3\/use-your-apple-watch-to-unlock-your-mac-and-apps-in-catalina\/","url_meta":{"origin":26166,"position":3},"title":"Use Your Apple Watch to Unlock Your Mac, and Apps in Catalina","author":"computeradv","date":"January 22, 2020","format":false,"excerpt":"If you\u2019ve resisted requiring a password on your Mac after it wakes up or comes out of the screen saver because it\u2019s too much work to enter repeatedly, an Apple Watch can make authentication much easier. In previous versions of macOS, just wearing an unlocked Apple Watch is enough to\u2026","rel":"","context":"In &quot;Apple Watch&quot;","block_context":{"text":"Apple Watch","link":"http:\/\/www.computeradvantage.us\/v3\/category\/apple-watch\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/01\/use-your-apple-watch-to-unlock-your-mac-and-apps-in-catalina.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/01\/use-your-apple-watch-to-unlock-your-mac-and-apps-in-catalina.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/01\/use-your-apple-watch-to-unlock-your-mac-and-apps-in-catalina.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/01\/use-your-apple-watch-to-unlock-your-mac-and-apps-in-catalina.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/01\/use-your-apple-watch-to-unlock-your-mac-and-apps-in-catalina.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":26706,"url":"http:\/\/www.computeradvantage.us\/v3\/how-to-unlock-your-mac-with-a-wave-of-your-hand-well-apple-watch\/","url_meta":{"origin":26166,"position":4},"title":"How to Unlock Your Mac with a Wave of Your Hand (well, Apple Watch)","author":"computeradv","date":"June 20, 2017","format":false,"excerpt":"It\u2019s magic. You walk up to your Mac, touch a key to wake it up, and upon noticing that you\u2019re wearing your Apple Watch, it unlocks without making you enter a password. Brilliant! For some of us, it\u2019s almost a reason alone to get an Apple Watch. Auto Unlock, as\u2026","rel":"","context":"In &quot;Apple Watch&quot;","block_context":{"text":"Apple Watch","link":"http:\/\/www.computeradvantage.us\/v3\/category\/apple-watch\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/Auto-Unlock-Security-pref-pane-1024x833.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/Auto-Unlock-Security-pref-pane-1024x833.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/Auto-Unlock-Security-pref-pane-1024x833.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2017\/06\/Auto-Unlock-Security-pref-pane-1024x833.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":30452,"url":"https:\/\/www.computeradvantage.us\/v3\/to-prevent-spearfishing-set-a-pin-or-passcode-on-your-cell-phone-account\/","url_meta":{"origin":26166,"position":5},"title":"To Prevent Spearfishing, Set a PIN or Passcode on Your Cell Phone Account","author":"computeradv","date":"March 2, 2020","format":false,"excerpt":"It\u2019s shockingly easy for someone to take over your cell phone number. Once they\u2019ve done that, they can reset passwords on many of your online accounts. Read on to learn how to protect your cell number with a PIN or passcode.","rel":"","context":"In &quot;Article&quot;","block_context":{"text":"Article","link":"http:\/\/www.computeradvantage.us\/v3\/category\/article\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/02\/to-prevent-spearfishing-set-a-pin-or-passcode-on-your-cell-phone-account.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/02\/to-prevent-spearfishing-set-a-pin-or-passcode-on-your-cell-phone-account.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/02\/to-prevent-spearfishing-set-a-pin-or-passcode-on-your-cell-phone-account.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/02\/to-prevent-spearfishing-set-a-pin-or-passcode-on-your-cell-phone-account.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.computeradvantage.us\/v3\/wp-content\/uploads\/2020\/02\/to-prevent-spearfishing-set-a-pin-or-passcode-on-your-cell-phone-account.jpg?resize=1050%2C600&ssl=1 3x"},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/posts\/26166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/comments?post=26166"}],"version-history":[{"count":0,"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/posts\/26166\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/media\/26188"}],"wp:attachment":[{"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/media?parent=26166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/categories?post=26166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.computeradvantage.us\/v3\/wp-json\/wp\/v2\/tags?post=26166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}