What is Two-Factor Authentication? - And Why You Should Use It

Last night I had a chat with someone who had her Netflix account hacked. The hacker changed her password and the email address associated with the account. This prompted a bigger conversation about how accounts get hacked and some simple steps to prevent being hacked. Those steps include not using the same password for multiple services, creating strong passwords, and using two-factor authentication whenever it is offered.

Two-factor authentication, sometimes called two-factor verification, is a system in which you have to enter a password and then receive an SMS (text) message or email through which you verify that you actually tried to sign into your account. I use this on every service that offers it including my Google account and all bank accounts. This is great because if someone does try to sign into one of my accounts from a computer or phone other than mine, I immediately get a text message. My friends Lee and Sachi LeFever at Common Craft have a great video that explains two-factor authentication. You can see that video here.


Unfortunately, Netflix doesn't currently offer two-factor authentication to protect users' accounts. Fortunately, while it's massively inconvenient to have your Netflix account hacked there isn't too much damage that a hacker can do with your Netflix data. The best thing that you can do to protect your Netflix account is to use a strong password that you only use on Netflix. Again, Common Craft has a good video about creating strong passwords.


For help in creating a strong password consider using a tool like Wolfram Alpha's password generator.

Common Craft videos can be reviewed online for evaluation purposes. To use embed them into a blog as I've done requires a membership (which are very reasonably priced).

Disclosure: I have an in-kind relationship with Common Craft.

How to Monitor the Devices Accessing Your Google Account

Google Accounts are great because they allow us to connect to much of our work from almost any mobile device. Of course, the more devices that you connect to your Google Account, the more opportunities there are for your account to be compromised. To help you monitor the devices that are being used to access your Google Account, Google has added a new Devices and Activity section to your Google Account.

To see a list of the devices that have been used to sign into your Google Account, open the security section of your Google Account then select Devices and Activity. If you notice something suspicious, reset the password for your Google Account.

Read more about the new Devices and Activity settings on the Google Apps Updates Blog.  

Watch these videos for help on creating a strong password.

How to Review and Manage 3rd Party Apps Accessing Your Google Account

Many apps and services make it easy to sign up and sign in by using your Google Account. While this is convenient, I use the option a lot, there are always risks associated with giving a third party permission to utilize your Google Account. The biggest risk being that if the third party's security is compromised, log-in to your Google Account could also be compromised (to clarify, Google does have measures in place to limit this risk, but it's still a risk). What I do to minimize this risk is to revoke third party access to my Google Account for any service or app that I don't use on a regular basis.

The directions below walk you through how to manage the permissions that third party services have on your Google Account.

Step 1: Go to https://www.google.com/settings/security (sign into your Google Account if you aren't logged in).

Step 2: At the top of the page select the "security" tab then under "account permissions" select "view all."

Click the picture to view full size. 

Step 3: Click on any of the applications listed to view permissions and to revoke access.

Click the picture to view full size. 

Do the Two Step to Protect Your Google Drive, Dropbox, and Box Files

Cloud storage of files is one of my favorite aspects of the modern Internet. Cloud storage services make it easy to access all of my important files from any computer and most mobile devices. And for students cloud storage eliminates the I forgot my flashdrive excuse for not having an assignment ready for class.

The potential problem with cloud storage, and any other online service for that matter, is having your account compromised. One way to make it more difficult for your account to be compromised is to enable two-step authentication.

Two-step authentication for a Google account requires entering a verification code that Google sends to your cell phone. Click here for directions or watch this video to learn more.


If you're a Dropbox user you can activate two-step authentication for your account. Click here for directions or watch the Tekzilla video below to learn more.


Other than Google Drive, Box has become my favorite cloud storage service over the last few months. This week Box added the option to enable two-step authentication for your account. Click here for directions for enabling two-step authentication on Box.