Feature Friday: Two Factor Authentication
With everything in the cloud now, it is important to protect your most sensitive information. I like two factor authentication for doing that. Bad people can steal passwords, but stealing your password and your phone at the same time is not as easy. And under the theory that being harder to rob than your neighbor is often enough, I feel pretty comfortable with two factor auth security and use it on as many online services as I can.
But having a dedicated piece of hardware, or a dedicated mobile app like Google Authenticator, for every web service is also a pain.
I've been watching a company called Authy for the past few years attempt to solve this problem. And I think they are getting there. I use their app as my primary way to get two factor codes on my phone. They support Google Authenticator codes as well as a host of other web services. They have an API so other developers can easily add Authy support to their apps.
So I have two recommendations.
1) If you are a user, see if you can set up two factor autentication on the web services that host your most sensitive information. And see if they support the Authy app.
2) If you are a developer, think about adding Authy two factor support to your app.
And if you have logged in sensititve information on your phone, use a pin to lock it down.
I am far from paranoid. If anything I am too trusting and prefer convenience over security in most cases. But when things should be protected, you need to protect them.