How to protect your email account with two-factor authentication

  • Written by  Jon Sternstein
  • Published in Research

What is the most important account that you own? Most people would say it's their bank account, but many underestimate the value of their email account. If someone gets access to your email account, they can often access all of your other online accounts, including your bank, LinkedIn, Facebook, Amazon, and more. With access to your email account, a malicious person can click the “I forgot my password” link on each of your other accounts, and the password reset link usually goes straight to the email account that they already hacked! This is why your email account is so important, and we will show you how to protect it with two-factor authentication.

 

What is two-factor authentication? It is proving who you are with two of the following three types of evidence:

1. Something you know (ex. password, PIN, or secret question)

2. Something you have (ex. cellphone, badge, RSA token)

3. Something you are (a physical characteristic, ex. fingerprint, retina scan, or voice activation)

Here is an example. An individual walks into a high-security area and is asked for an ID badge (something they have) and a fingerprint (something they are). This is one way that two-factor authentication works in the real world, but it is also possible on the computer!

Gmail, Yahoo, and Outlook all allow you to enable two-factor authentication on your account! When you log into your email account from an unfamiliar computer, you type in your password (something you know), and then a text message with a PIN is sent to your phone (something you have) to confirm it is actually you. Now, in order to get access to your email account, someone would need to steal both your password AND your phone, which is highly unlikely.

 

Let's walk you through the process in Gmail:

1. Login

Log into your account


2. Enter code

If you log in from an unfamiliar device, Google will send a text to your phone and ask you to type in the code it contains. If this is a trusted device, you can select "Don't ask for codes again on this computer".


 

3. Access Granted

After you type in the code, you are taken to your email! 
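A server-side sketch of the code step walked through above, added here as an example (it is not Google's code and not from the original article). The class name, the 5-minute lifetime, the 3-guess limit and the device-token format are assumptions; sending the text message is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed per code


class SecondFactor:
    """Hypothetical per-user state for text-message login codes."""

    def __init__(self):
        self.pending = None    # [code, expires_at, attempts_left]
        self.trusted = set()   # SHA-256 hashes of trusted-device tokens

    def needs_code(self, device_token):
        """Unfamiliar devices must enter a code; trusted ones skip it."""
        return device_token is None or self._hash(device_token) not in self.trusted

    def issue_code(self, now=None):
        """Create a random 6-digit code for the caller to text to the phone."""
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = [code, now + CODE_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, code, trust_device=False, now=None):
        """Return (ok, device_token); the token is set only when trusting."""
        now = time.time() if now is None else now
        if self.pending is None or now > self.pending[1]:
            self.pending = None          # nothing issued, or code expired
            return False, None
        if not hmac.compare_digest(self.pending[0].encode(), code.encode()):
            self.pending[2] -= 1
            if self.pending[2] == 0:
                self.pending = None      # too many wrong guesses
            return False, None
        self.pending = None              # a code works only once
        token = None
        if trust_device:                 # "don't ask again on this computer"
            token = secrets.token_urlsafe(32)
            self.trusted.add(self._hash(token))
        return True, token

    @staticmethod
    def _hash(value):
        return hashlib.sha256(value.encode()).hexdigest()
```

The trusted-device token stands in for a browser cookie: anyone holding it skips the code step, so it should only be set on a device you control.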

 

The process is slightly different if you check your email through an application other than your web browser, for example, the mail app on your mobile phone. In those cases, you will need to ask Google to give you an "application-specific password" that you will enter once for this app (see the Google instructions below).

 

Instructions

Now that you are excited and ready to set this up on your email account, here are instructions for the three major email service providers.  It's very easy and gives you a high level of security!

Gmail: http://www.google.com/landing/2step/

Outlook: http://windows.microsoft.com/en-us/windows/two-step-verification-faq

Yahoo: https://help.yahoo.com/kb/activate-sign-in-verification-sln5013.html

For Yahoo, choose the option to only allow your phone (text message) to be used as your verification. They also offer "secret questions" as a verification, but this is NOT a second factor because it is still "something you know", just like your password.

 

Conclusion

Two-factor authentication is a great way to protect your online accounts from being hacked. Your email accounts are not the only ones that you can protect with two-factor authentication. Some other services that offer two-factor authentication are Facebook, LinkedIn, Twitter, Evernote, PayPal, Apple, Dropbox, and some banking websites. Many websites offer secret questions as an additional security measure to identify you, but this is NOT two-factor authentication because your password and secret questions are both "something you know". You need "something you have" (ex. a phone) or "something you are" (ex. fingerprint) in addition to your password (something you know) in order to make it two-factor authentication.

Ask your online service providers to offer two-factor authentication if they do not already, because passwords are not enough to protect you these days!