Two-factor Authentication

Some thoughts about account security. I am securing most (well, all that are possible) of my online accounts with 2 factor authentication (2fa). Several of the past security breaches would have been impossible (well, at least more difficult) if users had enabled 2fa. Two independent components to identify a user significantly raise the bar to capture or hack an account- a simple password leak is not enough anymore.

Common services for 2fa:

  • email
  • SMS
  • Google Authenticator
  • FreeOTP (App)
  • YubiKey (Real Token)

A list of internet accounts that should be protected and a link to their security settings:

  • Dropbox
  • Facebook
  • Twitter
  • Google
  • Microsoft
  • Steam (steam guard)
  • LinkedIn*1_*1_*1
  • Paypal
  • WordPress (several plugins, example: