The Register-Herald, Beckley, West Virginia

Web Extra

August 9, 2012

Slate: 4 steps to avoid getting hacked

(Continued)

Fortunately, that something exists. Unfortunately, very few people use it. It's called "two-factor authentication" — a security system that requires two credentials to let you into an account. The first is something you know — your password. The second is something you have with you: a biometric marker (say, your fingerprint), an electronic key tag, or — easiest of all — a cellphone that can generate a unique code.

Last year, Google turned on two-factor authentication for its accounts. The system works pretty well: After you turn it on, install the "authenticator" app on your smartphone. Now, when you log in, you type in your password and the code generated by your phone (it works even if your phone is offline). If you don't have a smartphone, you can also have the code texted to you. Facebook also added two-factor authentication last year.

The problem with two-factor authentication is that it's a bit of a hassle. You can set your Google account to only ask you for the code every two weeks on registered devices, but for some lazy people that's too much trouble. Worse, because some programs that connect to your Gmail account don't use two-factor authentication — programs like your smartphone's mail app — you need to jump through some extra hoops to configure them to work with the system. All this requires a little bit of tech savvy, and the whole thing is not quite user-friendly enough for the majority of computer users just yet.

I'd guess that's why Apple hasn't added two-factor authentication to its services. But I hope Apple is working on some way to make this level of protection easy enough for the masses. (One option: built-in fingerprint readers in all its devices.) If such a system were in place, the attack on Honan's Apple devices wouldn't have happened. The hacker might have gotten his password, but he wouldn't have had the second factor — fingerprint, code, something — to get into his accounts.
