Why? Because, as we’ve discussed on our blog on several occasions, passwords can be cracked. A dramatically more secure option is two-factor authentication. Passwords are a single factor: something you know. Two-factor authentication adds another factor, which can be something you have, something you are, or someplace you are. For example, some place you are may be the corporate network, and if you are not on it, the system is set to not allow you to log on. Something you are refers to biometrics, such as a fingerprint or retina scan. Something you have refers to a token of some sort, which used to be limited to those annoying dongles that we had to carry around on a keyring, with a string of seemingly random digits that changed every minute or so.
Fortunately, over the last couple of years, this technology, which used to be restricted to big companies with bigger budgets, has been made available to the mass market. Anyone with a cell phone now can take advantage of the same level of enhanced security with a number of popular web services, but only if you turn it on. By default, these enhanced security features, which are now available with all of the websites mentioned previously, can be set to send a text message (a second factor, proving you are you by virtue of the fact that you have the phone). Some of these services also support the use of Google Authenticator, which provides the same service, only it does not require an SMS message to be sent, which is handy for those of us who spend time in the rural parts of Vermont without cell coverage, or have an iOS or Android device that is not a cell phone, like an iPad or a Galaxy Tab.
Note that you do not need to enter a code every time you do something that accesses your account. You will periodically, usually once a month or when you configure a new application or device to access your account, need to enter a code. Of course, this practice may vary from service to service.
If you have not yet enabled two-factor authentication for your accounts on the services mentioned above, you’re not as secure as you could be. If you want to do this, simple do a web search for your favorite service, like “evernote two-factor authentication” and follow the step-by-step instructions to make yourself more secure.