“As a user, there is little one can do” is a statement often heard, followed closely by “everything was better offline”. However, there are in fact many possibilities to protect access to your data without having to be a technically gifted user.
The two-factor authentication enables extensive protection without neglecting usability. Its fancy name comes from the way it validates one’s identity: by verifying something s/he knows and something s/he has.
How does this work?
Users have login credentials to a website, usually consisting of an email address and a password. Anyone who tries to log in with this data, would be routed to another page where they must once again verify their identity with the secondary verification method This often is a temporarily valid code sent via SMS to a previously defined number, similarly to the mobile banking TAN procedure. Access to the data is only permitted following successful entry of this code. In the event of a data theft, the thief doesn’t have access to the victim’s cell phone (2nd factor) and the stolen information is thus worthless. The hackers won’t be able to access the account.
Some vendors offer additional ways to complete the extra verification: via hardware tokens (USB crypto devices, SSL certificates, e.a.); QR codes, which are scanned with a smartphone and generate a one-time code, are in the meantime also broadly available. There are thus several possibilities for better safeguarding access without making it complicated and laborious.
We believe that the combination of a virus-free system and strong passwords, changed on a regular basis and used for that sole service, is vital. The two-factor authentication provides an additional major security bonus for one’s own data. Even if your account data has been stolen, your data is worthless for the hacker without the corresponding 2nd authentication method.
All the famous & common services offer two-factor authentication these days and we strongly encourage you to activate them too.