It seems every week we hear about another social media hacking, with some high profile business or celebrity’s Facebook or Twitter account compromised. Unfortunately, you don’t need to be famous to attract the attention of hackers.
Everyone is at risk, but thankfully two-factor authentication can reduce the chances of it happening to your business.
The idea of two-factor authentication revolves around something you know and something you have. When you withdraw money from an ATM, the something you know is your PIN and the something you have is your bank card. One alone isn’t enough; you need both pieces of the puzzle in order to get your money out.
When it comes to online security, the something you know is your password, while the something you have can be your mobile phone.
Services such as Facebook, Twitter, Gmail, Yahoo! and Microsoft now let you register your mobile phone with your account. When you try to log into your account from a new device for the first time, a code is sent to your phone as a text message. You need to enter both your password and the code before you can get into your account. This way, hackers can’t break into your account even if they know the password, well not unless they can get their hands on your phone as well.
Two-factor authentication might sound like a hassle, but thankfully most services let you remember “trusted” devices so you don’t need to enter a code every time you log in from your own computer. It also means you can set up access for key staff members, knowing they can’t log in from other devices unless you authorise it and supply the code.
Facebook and Google offer extensive two-factor authentication options, including workarounds in case you don’t have mobile coverage and can’t receive a text message. The Facebook apps for iOS and Android have a built-in code generator which stays in sync with your account, so you can use a code from the app to log into your account without a text message. You need to set it up beforehand, as you have to send a text message to your phone before you can start using the code generator.
There’s a Google Authenticator app for iOS, Android and BlackBerry which works in a similar way. You can also use the Google Authenticator app to generate codes for third-party services such as Amazon Web Services, Dropbox, Evernote, Facebook, LastPass, WordPress and Microsoft accounts.
If the thought of someone hacking into any of these services strikes fear into your heart then you really need to investigate your two-factor authentication options.
However, Twitter’s two-factor authentication is still pretty basic. You can only associate your mobile phone number with one Twitter account, a limitation also applied by Facebook but not Google.
Unfortunately, Twitter’s text messaging only works with Telstra mobile phones in Australia, not Optus and Vodafone. Perhaps even worse is that Twitter’s two-factor authentication system only works when you log into the twitter.com website. If you access Twitter via third-party Twitter clients and other social media platforms, as most people do, then you’ll still only need to enter your login and password. You can’t even tell Twitter to remember your trusted devices, so you need to punch in a new code every time you login to twitter.com.
All these restrictions combined mean that Twitter’s two-factor authentication isn’t very practical for business users.
Two-factor authentication isn’t a magic bullet for online business security, but it’s a handy extra layer of defence which might help keep hackers at bay.