2-factor authentication

Most of the people I work with know how I feel about password security.  I’m well aware of the password management burden we all face, so I’m always promoting the use of password managers and two-step authentication for any account that supports it.  I recently read an article posted on The Register in which a Google engineer reports that less than 10% of active Google account users use two-step or 2-factor authentication (2FA) to help lock down their accounts.  Given the publicity of high-profile account hacks, and the amount of personal and financial data that generally resides in individuals’ email accounts, one would think that Google and other tech companies could do a better job of promoting 2FA.  I have two theories as to why this is not more widely implemented.  The average Google user:

  1. Has no idea what 2FA is and how it can help secure the contents of their life.
  2. Doesn’t really care about account security – that is, until their account is hacked.

Based on leaked password evidence of the Top 25 Worst Passwords of 2017, I give substantial credence to Theory #2.

I also have to give Google credit for making their 2FA process relatively easy;  I’ve even gotten my retiree parents using 2FA for their Google and Facebook logins.  Understand that 2FA is not the panacea for password security, but that extra layer of protection can provide enough of a barrier to prevent your accounts from being compromised.  If nothing else, you will at least be notified that someone has tried hacking one of your accounts.

Ready to start promoting 2FA in your sphere of influence?  The website https://www.turnon2fa.com has tutorials on how to enable 2FA for numerous websites.  Please note that some 2FA methods rely on SMS text messaging while more preferred methods use a Time-Based One-Time Password (TOTP) app such as the Google, Microsoft, or LastPass Authenticator apps available in your smartphone ecosystem’s App Store.