Have you heard about the data leak at the Gelre Hospitals? “Hacking” remains a hot item. You do not want to allow anyone to access your accounts and data. Can you do something about it yourself besides using a strong random password as a next step to secure your online accounts? Of course! Use two-step verification! There are no arguments against it. We use it for every service that offers it.
Two-step verification is a must
By using two-step verification you increase your online security. With two-step verification it is no longer possible to log in only with your username and password. When logging in you need a second way of verifying. Think of receiving a text message with a code to your mobile number, a push notification with a code to your smartphone, a code from an authenticator app or a code that you have saved somewhere separately.
This offers extra security because someone with bad intentions generally only possess your username and password. They do not go beyond the first step during logging in. If they login you will receive a notification of an unknown login, after which you can immediately change your password. Your account is safe again. This is why two-step verification is a must!
Being hacked is still possible with two-step verification
Two-step verification makes hacking your online accounts a lot more difficult but not impossible. Hackers have succeeded in intercepting an text message with a code for two-step verification. This is a vulnerability in the Signaling System No 7 that is used to connect telephone networks. This system is used for making telephone calls and sending an text message.
It is also possible that hackers take over someone’s mobile number through sim-swapping. They then receive the calls and text messages from the relevant mobile number.
“Did you know that the vulnerability in the Signaling System No 7 abuses and sim-swapping are extremely labor-intensive? It actually only occurs with targeted attacks. The chance that this happens is much smaller than you being hacked because you use weak and or the same passwords.”
These arguments are regularly used in the news as a reason why two-step verification is not safe. We do not agree with this because these methods are so labor-intensive. They will not be used for hacking an account of a regular user. These methods are only used for people with a lot of valuable information.
Two-step verification through text message
Two-step verification through text message is in theory not completely safe but safe enough for the ordinary user. It is a method that also works when you switch from a smartphone. As long as you are connected to a mobile network you will be able to receive codes, at home and abroad. These are good arguments to at least choose this way of two-step verification.Contact us with questions about two-step verification
Two-step verification by an Authenticator App
We always opt for the use of two-step verification by means of a Authenticator App. Connect the app on your smartphone to the two-step verification of the service. You have to generate a code in the app every time you log in. You will receive no more text messages. Choose this method if a service offers it. If a service does not offer it, it is not a no go! Two-step verification through text message is always safer than no two-step verification.
Generate and save backup codes!
When you switch to two-step verification, backup codes are always generated or you get the option to switch them on. Always choose this! You can print the codes on paper by clicking on prints, sometimes you can download them or just copy and paste them. We choose the latter and keep them in a safe place on our computers.
What to do if you lose the backup codes?
We hear people are often afraid that they can no longer access their account if their smartphone is broken, if you have a new number without having changed it in the accounts where you use two-step verification or if you lost the backup codes. It would be crazy if you could no longer access your account. In the event you are locked out, contact the service where you can no longer access your account. They will ask for data to verify it is you. This differs per service but it concerns things like your passport and other identification methods. The combination of data means they will give you access to your account again.
Accounts that offer two-step verification
We would like to give you an overview of services where you can apply two-step verification. Enable two-step verification with services like Apple, Google, Microsoft, Instagram, Facebook, Tumblr, LinkedIn, Twitter, Telegram, Slack, WhatsApp, Snapchat, Skype, Salesforce, Mailchimp, Dropbox, Adobe, Stripe, PayPal, Amazon, GitHub, Bitbucket, GitLab, Bugsnag, Buddy, 500px, Meetup, Reddit, Imgur, Coinbase, Spotify, Plex, AirBnb, Nest. At Two Factor Auth (2FA) you can look up most services which offer two-step verification
Conclusion: always activate two-step verification if it is possible.
Contact us if you have questions about two-step verification. We are happy to help you and are always open for a talk. We answer your questions and see how we can improve your online safety.
Your online concept starts at Snoober Media
A series about security
It is important to us to inform about online security. Therefore read the previous article, “Security 2 | Use secure passwords“, about security. Soon you will read a new article in this series. We will dive deeper into password.