If you're like most people, you use the same basic password for multiple websites, maybe changing a letter or number here and there, because multiple passwords and good passwords can be complicated to remember. We've talked a number of times about using a password manager to improve your passwords and eliminate the possibility of forgetting them.
But for that to really click, you need to pair password managers with app-based two-factor authentication (2FA). With this, the app generates a new code every thirty seconds that only you can see, and you type that code into a website or app that supports it, after you've put in your user name and password. The website or app knows that the code is the right one because of how it synchronizes with your authenticator during the setup process.
App-based authentication is far more secure than SMS text messages, because texts can be intercepted or fail to arrive. But to be fair, 2FA apps do have one downside: If you lose access to the device that's generating your codes, it may be difficult or impossible to regain access to a given account.
Alternatively, you can use a cloud-based 2FA service like Authy (download for iOS or Android), in which case you only need to remember your Authy password -- but anyone else who gets that password will then have access to your 2FA codes. So 2FA systems won't solve all your problems, but they're generally much safer than sticking to your bad passwords and hoping that no one ever guesses or intercepts them.
Setting up app-based two-factor authentication on your Amazon account
Let's walk you through how the app-based setup process works, using the free Google Authenticator app as an example.
Step one is downloading the app for iOS or Android, then going to a website you use that has the option for app-based two-factor authentication. The exact method varies from one website to the next, but we can use a popular example like Amazon to cover a lot of use cases. Here, activating 2FA will actually be a two-step process: enrolling your authenticator app in Amazon's 2FA program, then activating 2FA to protect your login process.
On a laptop or desktop PC, open a web browser and log into your Amazon account, then go to the account management page that lets you add the authenticator app. Then click the button next to Authenticator App, and whip out your phone to grab the QR code that appears.
In the Google Authenticator app on your phone, tap the red "+" button in the lower right, then tap "Scan a barcode." This will activate the viewfinder for your phone's camera. Line up the viewfinder with the QR code on your computer's monitor, and the app should automatically grab the code, add it to its code library, and start generating 2FA codes.
To complete the enrollment process, take the 6-digit code generated by the app for your Amazon account (it'll be tagged "Amazon" for easier identification), and enter it on Amazon's website, where it says "Enter code." Once you've entered the code, click the button labeled "Verify code and continue," and your Amazon account is now protected by app-based two-factor authentication.
To actually enable 2FA login protection, go to the Two Step Verification section of your Advanced Security Settings and click the Get Started button. Click Authenticator App, enter the 6-digit code that your app has just generated, click the button labeled "Verify code and continue," then confirm by clicking the "Turn on Two-Step Verification" button.
(Technically, two-factor authentication requires the authenticating device to be separate from the one that you're using to log into something. So some websites will use the umbrella term "two-step verification" to cover scenarios where your phone is being used to both generate a code and log into something.)
Gadget-based two-factor authentication
In some cases, the second factor doesn't even use a code-generating app. Google, for example, offers the Titan Security Key, a fob that works via Bluetooth or USB to protect your Google accounts, though it currently only works with the company's Chrome web browser.
Without this physical device present and activated, you're not getting in -- though Google also has an odd habit of defaulting to trusting a web browser if it's successfully logged in recently.
So if locking down your Google account with a Titan key is particularly important to you, keep an eye out for pre-checked boxes on the company's login pages, and uncheck them before logging in.