Two-step authentication: a necessity for secure webapps
21 June, 2011
Recently, my girlfriend’s Gmail account showed that it had been accessed from Poland, France, and the United States, all within a couple of hours of each other. This breach of security was horrifying, and pointed out how easy it can be for someone to access another person’s account.
We’re not sure how her password leaked. Maybe it was through a phishing site or some malware/keylogger on her machine. But that was neither here nor there. The plain fact is that her account was granting access to unknown parties without her permission.
Not too long ago, Google announced 2-step verification for Gmail. With 2-step verification, the user logs in with their password, and then enters a code that was obtained using their mobile phone. A friend of mine also uses a similar procedure for his World of Warcraft account.
I’ve signed up for 2-step authentication as well, and don’t mind the subtle inconvenience. If you are a Gmail user, you should try it out today.
Features like these make account security much stronger, and it is time that more secure websites start offering them (especially online banking).