It goes unsaid these days that online security is a serious issue. Companies like Google are starting to move beyond the password, which hackers have repeatedly demonstrated to be easily crackable given either 1) users have the same password for multiple accounts, or 2) passwords aren’t strong enough to thwart even amateurish attacks.
In 2010, Google offered something called two-factor authentication (TFA) to its users to safeguard their accounts better. Using TFA means you’ll have to provide some additional information — such as a uniquely generated passkey — besides your password to log in. In 2011, Facebook followed suit, to be joined in 2012 by Dropbox, LinkedIn and Twitter.
This fortnight, here are three apps that could help secure your TFA experience.
LastPassUsing the LastPass password manager is simple. Simply log in to their site, auto-generate tough passwords using their algorithm, and LastPass will save them for you according to the site you’ve generated each password for.
The next time you visit that site, LastPass will auto-complete the password for you following some authentication that you’re using LastPass and you’re on the site (alternatively, you could use LastPass’s built-in browser to log in). Effectively, this means you have only one password to remember: the one you use to log in to LastPass.
The app is available for iOS, Android and Blackberry devices for a 14-day trial period. After that, it costs $12 per year to use it. It also syncs with Chrome, Firefox, Safari, Opera and Internet Explorer.
1Password1Password is LastPass with one upside and one downside. On the upside, the app has one more layer of security. Should your (synced) smartphone be stolen, the thief can get into LastPass once the phone’s lock, if you have it, is surmounted. However, with 1Password, you can lock the app itself behind a 4-digit key or some other strong password.
On the downside, its UI is messy: on an Android device, it looks like it was designed for the pre-Windows XP era. The iOS client looks much better, however.
1Password is available for free for Android devices, and comes at a price of $17.99 for iOS. There are also desktop clients for Macs and Windows PCs. It also syncs with folders in your Dropbox.
Google AuthenticatorThis biggie comes from Google itself, and it’s available for free for Android devices. The way it works: you first sync the app with a service you want to use TFA for, say WordPress. WordPress then generates a passkey, which you enter into Authenticator to start syncing the app with your WordPress account. Some sites will also generate back-up passkeys for your safekeeping.
The next time when you have to log into WordPress, just your password won’t do. WordPress will notify Authenticator that someone is trying to log in. The app then generates a random number of its own, which you have to enter on WordPress to log in.
This way, a person trying to get into your WordPress account without your permission will need both the password and the random passkey.
