Security

Two-factor authentication: A good first step after Heartbleed

Yes, you should switch your passwords for services affected by the Heartbleed security vulnerability. But you can do better than that.

Some of today’s most popular web services let users enable a two-step, or two-factor, sign-on process that can apply an additional layer of authentication by asking for a code from a text message, a smartphone application, or a key fob.

That looks like a brilliant idea now that lots of companies have fessed up about being affected by Heartbleed since media outlets and bloggers first hit their emergency alarms about it.

Grabbing a one-time password off a device other than the main one you’re using in order to log in won’t prevent all risks, but it can make the job harder for people looking to grab key information from you, Paul Ducklin of security vendor Sophos wrote in a post yesterday on company blog Naked Security.

“[W]hile it wouldn’t have made heartbleed less of a bug, it would have made any passwords harvested by means of the bug much less useful, perhaps even useless,” Ducklin wrote.

Indeed, file-sharing company Box is encouraging people to set up two-factor authentication, following its introduction of the feature in 2012.

“If I could ask you to do one thing — turn on two-factor authentication today,” Box security director Joel de la Garza wrote in a blog post on Friday.

He went on to encourage people to use single sign on for Box, too.

More about the companies and people from this article:

Box was founded on a simple, powerful idea: it should be easy for people to access, collaborate, and share all their content, wherever they are. Co-founders Aaron Levie and Dylan Smith, along with our fast-growing team, have since esta... read more »

Powered by VBProfiles

0 comments