Two-factor authentication – does it work?
John M. Haddad
In the past, I’ve written a few posts on two-factor authentication (2FA) security and why you should implement this option for all of your logins.
Well, I can say from experience, my implementation of two-factor authentication on my own account really paid off when I recently received a critical security alert from Google on a suspicious login attempt from someone in Greece.
It seems that even though I thought I had a strong password (it was strong, but not overly complex) on my Google account, this person was able to crack my password and attempted to log in. I got this note from Google.
So the hacker had my username and my password but didn’t have the “token” that would have been generated from my cell phone, so they could not get into my account. The implementation of two-factor authentication saved me from pretty much losing my Google account, including my Gmail and all the other Google services I use. Immediately, I changed my password to be a more complex password.
Without rehashing what two-factor authentication can do for you, I encourage you to read my post “More on Two-factor authentication” where I explain in more detail what two-factor authentication is and how to implement it.
Summary
So, in summary, a few lessons learned.
- Make sure your password is not only strong but complex. A strong password may be something like “L00k4Me356”; however, a complex password may be something like “9a%e3h%qZy”.
- Use password managers, like LastPass, to help generate and manage complex passwords.
- Implement two-factor authentication to add an additional layer of security. Just about all email systems, financial institutions and many other websites are implementing two-factor security on their sites. Take advantage of that for peace of mind.