09 Mar 2013

Two Factor Authentication for All the Things

I recently went wild with two factor authentication due to reading about ChicagoVPS getting hacked. I received the nicest email from LastPass warning me that my email address was among the SQL dump posted by the hacker.

My Response

First off, according to ChicagoVPS all the passwords were in the form of salted hashes. So that’s good! Also, I use unique passwords thanks to LastPass. So losing one password to a SQL dump in the form of a salted hash isn’t a big deal. At least not with ChicagoVPS. Might be a bigger deal if it was Amazon AWS or a Google Account.

Back to the Point

I read a wonderful article, by chance, about a new service called Authy. Authy provides easily integrated Two Factor Authentication services that use your phone as the second factor. Authy either uses a smartphone application or a system based on SMS.

So where did I add it?

Caveats

After turning on Two Factor Authentication with my Google Account, I needed to set up and start using ‘Application Specific Passwords’. They’re a way to have a unique password for specific services that are not set up for the Two Factor Authentication system.

To find the settings: Log into Gmail > Settings > Account > Security > 2 Step Verification Settings > Manage Application Specific Passwords > Login Again > Scroll to Bottom of Page. For each item, like Thunderbird, Sparrow App, Android applications, etc., you’ll need to give the specific password a name. Next click ‘Generate Password’. Copy that password into your application.

I must say, I’ll be a lot more comfortable with online transactions when most service providers (esp. Banks, Investment Accounts, Amazon.com, etc.) offer Two Factor Login options! Let me know if you’ve found any other useful places for using Authy’s wonderful 2 Factor Auth through the comments below or on Twitter @_ZPH.

Credit for this article’s inspiration belongs to: This Blog

Follow up… Flashed a new ROM to my phone and my only hassle was with Amazon AWS 2 factor auth. Make sure to do an Authy backup to simplify this before flashing a new ROM.