LinkedIn announced two-factor authentication recently. This is all about security. I thought about whether I should turn this on for my account and I answered ‘nope’.

What Is Two Factor Authentication?

It’s a security measure to make it harder for others to break in or steal your account access. It does this by requiring two separate paths to verify you are the account owner. One is typically a password while another is your cell phone number that they communicate with when you attempt access from an unknown computer.

Here’s how it might work. You are on your home computer, and the first time you log in after two-factor setup, a text comes to your phone with a code that you have to type in. Once you enter your ID and password along with that code, you’re in and a cookie is set on this computer. The next time you attempt to log in, the site will see that cookie, so the computer is trusted; it will only require your password and no texting is needed. If you attempt this on your friend’s computer it will require a text and, hopefully, you won’t check the box saying you want to ‘trust’ this computer. A text will come and it will allow you in for just this one session.
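The flow described above, sketched as an added example (not code from LinkedIn or from this post). The function names, the HMAC-signed cookie format and the 30-day trust lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumption: secret known only to the site
TRUST_LIFETIME = 30 * 24 * 3600        # assumption: a computer stays trusted 30 days


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_trust_cookie(user, now=None):
    """Return a signed 'trusted computer' cookie value bound to this user."""
    expires = int((time.time() if now is None else now) + TRUST_LIFETIME)
    payload = f"{user}|{expires}"
    return f"{payload}|{_sign(payload)}"


def cookie_is_valid(cookie, user, now=None):
    """True only if the cookie is unmodified, unexpired and issued to this user."""
    try:
        cookie_user, expires, tag = cookie.split("|")
        expires = int(expires)
    except (AttributeError, ValueError):
        return False                    # missing or malformed cookie
    expected = _sign(f"{cookie_user}|{expires}")
    current = time.time() if now is None else now
    untampered = hmac.compare_digest(tag.encode(), expected.encode())
    return untampered and cookie_user == user and current < expires


def login(user, password_ok, cookie=None, sms_code_ok=False,
          trust_this_computer=False, now=None):
    """Return (outcome, cookie_to_set) for one login attempt."""
    if not password_ok:
        return "denied", None
    if cookie_is_valid(cookie, user, now):
        return "granted", None          # trusted computer: password is enough
    if not sms_code_ok:
        return "code_required", None    # unknown computer: a text is needed
    # Code accepted: remember this computer only if the box was checked.
    new_cookie = issue_trust_cookie(user, now) if trust_this_computer else None
    return "granted", new_cookie
```

Because the cookie is signed and tied to one user, a stolen password alone still hits the `code_required` branch on any computer that does not hold a valid cookie.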

Why Do I Need It?

Because nefarious types have computer programs that can easily guess your password. There are also a lot of tricky things on the internet that will find ways to steal your password, whether through breaking into the companies, key-logging (watching what you type) or social hacking. Two Factor Authentication means it is much harder to get into your account even if they steal your password.

I liken this to having a chain lock on a door versus a deadbolt. It’s a lot harder to get through that deadbolt. On the internet there is comfort in numbers. Much of the stealing and break-ins are crimes of convenience. You have learned to lock your car doors, and this does not prevent a thief from breaking in, but in a world with many cars there are people walking around checking door handles to see if one is open. If it’s locked they’ll move to the next car, and the better the lock, the fewer the people who will try hard to get in. There are easier pickings in other places.

When Do I Need It?

This is a very good question and Lifehacker has a good post discussing it. I mentioned that LinkedIn has Two Factor Authentication. You only want to use this when you need it because it can be a bit of a hassle. I answer this by going through the following questions:

  • Can they get direct access to any financial accounts?
  • Can they get information used to get into a financial account? (Think social security, parents’ maiden names, security question answers and, yes, this includes my birth date.)
  • How would I feel if all the information got put up on a web page on the internet? This is more for social embarrassment or personal privacy preference and includes HIPAA-like health information.

I don’t use two-factor on my LinkedIn account because the worst case scenario is a person that wants to hurt me logs in and starts posting things as me and puts bad information on my profile so my professional network sees it. I think this is not a likely scenario and I can live with this scenario. If someone wants to impugn my reputation they can start a new website and then searches on my name will bring up any information they want to place out there.

I set up two-factor on my email accounts because account numbers and correspondence contain all the information needed to get access to an account via security questions. So I recommend everyone establish this on email.

You should develop your own rules that govern how secure you want your information.

