Ian Moulster's blog

A Microsoft employee translating Microsoft technology into plain English

Protecting yourself with 2-Step Verification

Protecting yourself with 2-Step Verification

  • Comments 1

Not many people seem to use 2-step verification, probably because it generally requires you to…well…do something. I don’t want to imply everyone is lazy (heaven forbid) but I guess we all have busy lives and frankly something called “2-step verification” sounds like it’s going to be painful. Or maybe a dance.

Actually, it’s really, really useful and worth a small investment in time if you’re at all worried about your online accounts being hacked. Such as email, facebook, twitter, etc.

So what is it then? It’s fairly simple: Let’s say someone manages to get (or guess) your password for your email account. Full of joy, they visit the appropriate website such as www.outlook.com, www.gmail.com, www.yahoo.com or whatever, and type in your email address and password. Now, without 2-step verification they are in. They can see all of your email, send messages, do whatever they want. But if 2-step verification is turned on, something quite clever happens. Your email provider thumbs through the list of browsers you use – such as the one on your PC at home, or your tablet, or your PC at work – and if the browser being used isn’t on the list it requires another password. And this password is either sent to you by text to your mobile phone, or emailed to another account that you have access to such as a work account. Now the would-be hacker is foiled, unless they also have your mobile phone or somehow magically have access to your other email account. Which is unlikely. So the hack fails and we all live happily ever after.

Let’s just recap how this works:

  • When you turn 2-step verification on, the first time you try to access your account it will send you a text or email your other account as described above. However you only need to do this one per machine or browser you’re using. From then on, it won’t ask you for this second password again because it knows that you’re using an “approved” machine / browser
  • If someone tries to access your account from another machine or browser, even if they have your username and password, they won’t be able to get in because it will request the secondary password.

Pretty smart. And such a simple way to protect your account.

To make things easier for you I have included some instructions below on how to turn this on for the following services:

  • Outlook.com (Hotmail)
  • Gmail
  • Yahoo Mail
  • Facebook
  • Twitter

If you use any of those services I recommend you take these simple steps and sit back in the knowledge that you have just made things significantly more difficult for any would-be hacker. Oh and just for clarity: This works for apps too, such as the Facebook app on your phone. It isn’t just for browsers.

Leave a Comment
  • Please add 5 and 8 and type the answer here:
  • Post
  • How well written, give this Man a Bells!!!

Page 1 of 1 (1 items)