Two-factor Authentication

Some thoughts about account security. I am securing most (well, all that are possible) of my online accounts with 2 factor authentication (2fa). Several of the past security breaches would have been impossible (well, at least more difficult) if users had enabled 2fa. Two independent components to identify a user significantly raise the bar to capture or hack an account- a simple password leak is not enough anymore.

Common services for 2fa:

  • email
  • SMS
  • Google Authenticator
  • FreeOTP (App)
  • YubiKey (Real Token)

A list of internet accounts that should be protected and a link to their security settings:

  • Dropbox http://www.dropbox.com/account#security
  • Facebook https://www.facebook.com/settings?tab=security
  • Twitter https://twitter.com/settings/security
  • Google https://accounts.google.com/b/0/SmsAuthConfig?hl=de
  • Microsoft https://account.live.com/summarypage.aspx
  • Steam (steam guard)
  • LinkedIn https://www.linkedin.com/settings/security-v2?goback=.nas_*1_*1_*1
  • Paypal https://www.paypal.com/myaccount/settings/security
  • WordPress (several plugins, example: https://wordpress.org/plugins/two-factor-auth/)