Many of the recent data breaches, including the Heartbleed vulnerability, have exposed passwords as a common denominator. And as you know, if someone gets hold of your password, then your account—and all the data in it—is vulnerable.
But there's an easy way to protect your critical business accounts from hackers and other infiltrators: Set up a two-factor-verified authentication system. With a two-factor-verified system, knowing your password is only the first step. To get any further, hackers will need to know the second factor, which is a special code (another password) that only you know and that changes every time you log in. Accessing your account will be a virtual impossibility.
If you're interested in setting up a two-factor-verified system on your business accounts, follow the directions below for the major platforms:
Go to google.com/2step. Click the blue button, upper right corner, that says “Get Started.” Follow the prompts that then lead to the process; choose text message or a phone call to receive your code. Your setup now applies to all Google services including YouTube.
After signing in to your Yahoo account, you can begin Yahoo’s “Second Sign-In Verification” setup by hovering over your photo to trigger a drop-down menu. Click “Account Settings,” then click “Account Info.” Scroll to “Sign-In and Security,” and click the link “Set up your second sign-in verification.” Submit your phone number to receive a code via text. No phone? Yahoo will send you security questions.
Visit applied.apple.com. A blue box to the right says “Manage Your Apple ID.” Click it, then log in using your Apple ID. Click the link to the left, “Passwords and Security.”
Answer the two security questions to execute a new section, “Manage Your Security Settings.” Below is a link called “Get Started.” Click it, and enter your phone number to receive a code via text. You can also set up a unique password called a recovery key that you can use if your phone is not available.
Log in at login.live.com using your Microsoft account. Once you’ve logged in, look to the left where you'll see a link that goes to “Security Info.” Click it. Look to the right, where you'll see the link “Set Up Two-Step Verification.” Click it, then click “Next.” Then follow the simple process.
To set up “Login Approvals,” go to Facebook’s website. To the right at the top is a blue menu bar; click the arrow that faces down to bring up a menu. Click “Settings.” To the left, you’ll see a gold badge that says “security” beside it; click it. Look to the right where you'll see “Login Approvals.” There will be a box that says “Require a security code.” Check that, then follow the instructions.
Facebook will sometimes text you the security code, or it may require you to use the Facebook mobile app on Android or iOS to get your code, which will be in the “Code Generator.”
Set up the “Login Verification” by going to twitter.com, then clicking the gear icon in the upper right corner. Look left, where you'll see the “Security and Privacy” link. Click it. Then you’ll see “Login Verification” appear under “Security.” You’ll be given a choice of how to receive your code. Make the choice, then Twitter will guide you through the rest.
Go to linkedin.com, then hover over your photo to bring up the drop-down menu. Click “Privacy and Settings.” Toward the bottom is “Account.” Click that to bring up “Security Settings” on the right. Click that to be taken to “Two-Step Verification for Sign-In.” Click “Turn On,” then enter your phone number to receive the code.
Log in to PayPal, and click on “Security and Protection” which is in the upper right corner. At the bottom of the page you’re taken to, hit “PayPal Security Key” on the left. When you get to that page, go to the bottom of it and click “Go to register your mobile phone.” On the next page, enter your phone number and wait for the code via text.
You'll have to keep a few things in mind to make this two-step verification process work. First, make sure you have unlimited text messaging if you're using your mobile and text as the second factor. Next, if an account doesn’t offer the two-step-verification, see if it has alternatives that use phone calls, smartphone apps, email or “dongles.” These types of services provide codes that allow you to enter a site you’re already logging on to. Finally, if you receive a text requesting your account information, consider it a fraud. No reputable company would request that information from you.
Robert Siciliano is the author of four books, including 99 Things You Wish You Knew Before Your Identity Was Stolen. He is also a corporate media consultant and speaker on personal security and identity theft. Find out more at www.RobertSiciliano.com.
Read more articles on technology.