The Diablog™

How Secure is Secure?


Two factor authentication (TFA) is an improvement on the old username + password method of authentication. It adds something-you-have or something-you-are to the password (which is something-you-know).

Something-you-have, something-you-are, or something-you-know. Pick any two, and you have two factor authentication.

In the something-you-have category are things like your mobile phone or a USB device like a Yubikey.

The TFA solutions that use something-you-are would include biometric devices like fingerprint scanners and retina scanners.

Unless you're in charge of launching nukes, you probably don't need a retina scanner, but adding TFA to your email account is an absolute necessity. If your email account is hijacked because someone knows your password, they could rapidly go around to all the websites on which you have accounts and request password resets. Password resets almost always work by sending you an email with a link to set a new password. If they have your email account – they have you.

Here's how Gmail does TFA. You enable TFA by entering your mobile phone number in Gmail settings. While you're in there, turn off POP and IMAP access. More on that later.

The next time you log in, enter your username and password as usual, and Gmail will send a random 6-digit number to your phone. Once you enter that, you're logged in. It's very simple.

With this in place, if someone learns your password, it does them no good. They also need your phone. Don't lose it.
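The server side of that code step, sketched as an added example (it is not from the original post and is not Google's or Dialogs' implementation). It shows what makes a 6-digit code safe to rely on: a cryptographic random source, a short lifetime, single use and a cap on guesses. The class name, the 5-minute lifetime and the 5-attempt limit are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


class SmsCodeVerifier:
    """Issues and checks one-time 6-digit codes, one pending code per user."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> [code, expires_at, attempts_left]

    def issue(self, username: str) -> str:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        # Issuing a new code replaces any older one for the same user.
        self._pending[username] = [code, expires_at, MAX_ATTEMPTS]
        return code  # goes to the SMS gateway only, never back to the browser

    def verify(self, username: str, submitted: str) -> bool:
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[username]
            return False
        entry[2] -= 1  # count the attempt before comparing
        # Constant-time comparison; bytes so non-ASCII input cannot raise.
        if hmac.compare_digest(submitted.encode(), code.encode()):
            del self._pending[username]  # single use: a replay fails
            return True
        if entry[2] == 0:
            # With 10**6 possible codes, unlimited guessing would succeed.
            del self._pending[username]
        return False
```
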

There are a few things you need to know about Gmail's TFA:

  • It only works if you use the webmail client. If you use a mail application that uses IMAP or POP to get mail from Google, those protocols have no facility for TFA.
  • You must also turn off POP and IMAP access to your Gmail account because otherwise the bad guys will just use one of those to go around your TFA efforts.
  • When you set up your account, have Gmail create some emergency codes, print them out and save them in a secure place. They will let you get in if your phone is dead/lost/stolen.

Dialogs offers TFA using either SMS or Yubikey, so if you left your Yubikey at home you can just enter 'SMS' instead and it will send you a text just like Gmail does. Call us (800-707-0106 x:123) or contact us today to learn more about TFA and other security best practices.