Diving Deeper into Online Security – Two-Step Authentication
I tried once before to set up two-step authentication with a Google account and it was completely annoying. Every time I wanted to do something it seemed I would have to do the two-step authentication. I thought it was going to work in a way so I would use the extra security authentication once for the device or at most, each time the device was rebooted and used again as if for the first time. Or I would be asked to do the two factor authentication when signing in on a different machine. I was doing it with the codes being sent as an SMS message to my phone and it wasn’t too long before I switched it off. Basically two factor identification drove me nuts.
Today I have decided I will give it another go. This time I’m going to use an application on my iPhone to protect some of my online accounts. I started off by looking at the application called Authy and I already had it downloaded and installed onto my iPhone. It said on their webpage I would be able to use it with Evernote and seeing as I don’t use Evernote too often, I thought it would be a good one to use as a trial.
So I went to the Evernote Web page and logged into my account. I changed the main password first of all, before doing anything else. It’s a great idea to change passwords on your accounts from time to time anyway. Of course this password has been saved in my 1Password application and is available for me to use on all of my devices.
If you don’t yet use a password manager, then I suggest today’s the day you set something up and get your devices and accounts secured behind good passwords. The way that 1Password works is you have one good but memorable password to get into the password manager and 1Password lets you have really good, difficult and possibly hard to remember passwords for every other place where you need to use password security. You don’t have to remember a whole load of ridiculous passwords, all you have to do is remember the one good password.
There is a password creator site I use when I want good long passwords I can remember easily. I use it to make a password for my iCloud account and also for entry to 1Password.
Authy or Google Authenticator
During the setup of the two factor authentication for Evernote, I wasn’t able to set it up with Authy. I tried it twice and each time the only option I was given was Google Authenticator. So I downloaded Google Authenticator and decided to go with that application instead. It’s probably better to go with just one of these types of application and so Evernote has made the choice for me; maybe. I’ll probably do some reading and testing to see if there are advantages of using either one of the two, Authy and Google Authenticator. So I may make a final choice after a week or two of using these apps. I have since found out you can use 1Password to do the two factor passwords. Could be better to use that seeing as I use it already anyway for standard passwords.
Here is another source of information on Two Factor Authentication.
The setup process requires some dancing around
There is an authentication process you have to go through each time you set up a new service to use two-step authentication. This usually requires an email being sent to you so you can confirm your email address. With the accounts set up so far I have been sent a six digit code which I have entered on the website. These six digit codes have been sent to me via SMS which I have received on my iPhone 6. The process is simple enough. When you first set up, you are given the choice for the confirmation code to be a voice call or whether to get the message sent by SMS. You can’t really go wrong following the instructions. Unless you are trying as I was, to use an application which says it is supported, but is unavailable from within the service. All you really need to do is to follow the steps as they are presented on screen and before long you will be set up with the extra protection that two-step verification gives you. I found it was easier to have the code sent to me by SMS and afterwards I changed so I would be able to do it using the Google Authenticator application. With the application you can sign in using a QR code which you scan with the camera on your smartphone or you type in the six digit code.
Backups and backup codes
During the setup process with both Evernote and also with one of my Gmail accounts I have set up with two-step verification, I was offered the backup of single use codes which can be used in an emergency. So if I was to lose my phone, but I still had access to these single use codes I would still be able to gain access to my account. I was given six of these codes with Evernote and ten codes to use with the Gmail account. Each of these sets of codes has been saved into 1Password. I always have access to 1Password through my Mac, my iPad and also my iPhone. It’s unlikely I would lose all those at the same time and I think I can still get to my passwords through a web page if I need to. Just so long as I can remember the good one password to access my account. The application Authy will do backups of any accounts you set up with it.
The verdict so far on two step authentication
I just opened up the Evernote account on my iPad as I was wondering if I would need to login again and to use the two-step verification. I wasn’t required to do either of those and it is probably only going to be required if I log out of it and log back in again. So far the whole process has been fairly painless and I may set up a couple of other accounts to use the two-factor verification. The Google Authenticator application is very simple and there’s not much to it at all. I like being able to scan a QR code to get extra verification to get into my account. It’s a good idea to have two-step verification. It requires you have one thing you know (the password) and also one thing you have (your smart phone) in order to gain access to your protected account. Seeing as I have the iPhone 6, which requires fingerprint entry to the device, that gives me biometric protection for any accounts I’ve set up in this way. I set up Dropbox to have two step authentication but I used Authy so I can have a comparison between the two applications. I suspect there will not be a huge difference and I will be better off to just use one app for this specific job.
1Password for everything
1Password will handle single use passwords (as in two step verification). I have the app everywhere and it would save me opening other apps to do 2 factor authentication. In the long term I might be better off with 1Password to provide the service. I set up Tumblr with 1Password and it worked OK. I have to use it a few more times to get comfortable with it. So as with the 2 Factor Authentication as a whole, the jury is still out.
A Sad State of Affairs
It’s a bit sad that our internet computing has come to this. We need to think security all the time and there’s no point in encrypting sent emails if the bad guys can get into your email system at source and do what they like anyway. You can protect your internet accounts by stages, starting off by giving extra protection to just the most important accounts. If you find it is painless to use an application like 1Password, Authy or Google Authenticator, then go the whole hog and use 2 step verification on as many accounts as possible. Here is a list of places you can use two-step verification.