5752309755_0932b0efb4

Secure Your Accounts Today with Two-Factor Authentication


When talking about security and securing our online accounts, there are many ways of doing it: [1] Creating an easy-to-remember but hard-to-crack passwords and not writing it down on any piece of paper (or a text file); [2] Installing an anti-virus, anti-spyware, anti-malware, and running these software regularly (if these just sit on your computer then it’s pretty much useless).

Of course there is the most common suggestion or lesson for all – changing your habit. The big YOU. You don’t respond to obvious scam and spam emails, instant messages, or visit sites you shouldn’t be visiting, or clicking on links without checking if it was faked/masked or not.

But there is one not-so-new security method that adds another effective layer in keeping our digital accounts more secure. The Two-Factor Authentication (TFA/2FA) or Multi-Factor Authentication (MFA). I will give you a short rundown about it and provide a list of known online services offering this new security layer, so you can start securing your online accounts today.

Multi-Factor or Two-Factor Authentication according to Wikipedia is:

…an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something the user knows“), a possession factor (“something the user has“), and an inherence factor (“something the user is“).

Breaking it down more clearly:

  • Something the user knows: password, PIN, etc.
  • Something the user has: smartcard, ATM card, USB key, dongle, mobile phone (for authenticator app or SMS/text or phone call), etc.
  • Something the user is: biometric characteristic such as a fingerprint, eye-scan, DNA scan, etc.

It is not new, it has been around for a long time but it was only a few years ago that online services started implementing TFA/MFA. Today, with so many illegal access to people’s accounts going on, more services are adopting this technology. If I will take a guess here, 2011 and 2012 saw the largest adoption of TFA, and the list keeps growing.

In simple words, by adding another factor to your online account, you add another layer of security protection. Making it much more harder for unauthorized people getting access to your account. The most common method today is by adding a mobile authentication app, or an SMS authentication feature, or email authentication. Personally, I prefer the mobile app authentication method over SMS and email for various reasons, but we will not go through the advantages and disadvantages of each method today.

This list is just a sample of the online services that offers Two-Factor Authentication / Multi-Factor Authentication, listed in alphabetical order. I will try to keep this updated, as I find new sites offering TFA/MFA. You can also leave a comment for new entries to this list and I’ll check it out (or better yet, provide the needed data too).


* as of Tuesday, 2013-07-23 17:30+0800

  • Amazon Web Services
  • ArenaNet (selected services only)
    • Services: Guild Wars 2
    • Known as: Two-Factor Authentication
    • Activation: GW2 TFA
    • Methods offered:
      1. Smartphone app (Google’s “Authenticator” app)
      2. email
    • Recovery: Contact form
  • Battle.net
  • DreamHost
  • Dropbox
    • Known as: Two-step verification
    • Activation: How do I enable two-step verification on my account?
    • Methods offered:
      1. Smartphone app (Google’s “Authenticator” app; Amazon’s “AWS Virtual MFA” app; slugonamission’s “Authenticator” app)
      2. SMS/text
    • Recovery: Login to the website and you will see this link “I lost my phone”.
  • eBay (all sites)
    • Known as: (PayPal) Security Key
    • Activation: Security Key Activation
    • Methods offered:
      1. Smartphone app (Symantec’s “VIP Access” app)
      2. Physical authenticator
    • Recovery: Contact form
  • Etsy
    • Known as: Two-Factor Authentication
    • Activation: Security Settings
    • Methods offered:
      1. SMS/text
      2. Phone call
    • Recovery: 5 one-time use backup codes
  • Facebook
    • Known as: Login Approvals
    • Activation: How-To Activate Facebook’s Two-Factor Authentication
    • Methods offered:
      1. Smartphone app (official “Facebook” app)
      2. SMS/text
    • Recovery: ???
    • Note: The system only challenges suspicious logins (e.g. new and/or rarely used IP address).
  • Garena (all sites)
    • Known as: 2-Step Authentication
    • Activation: Login and go to your account settings page
    • Methods offered:
      1. Smartphone app (“Garena Authenticator” app)
      2. SMS/text
    • Recovery: Contact form
    • Note: The system only challenges suspicious logins (e.g. new and/or rarely used IP address).
  • Google (all sites)
    • Known as: 2-step verification
    • Activation: Setup SMS, Voice, and Smartphone app
    • Methods offered:
      1. Smartphone app (Google’s “Authenticator” app)
      2. SMS/text
      3. Phone call
    • Recovery: 10 one-time use backup codes
  • HSBC
    • Known as: HSBC Authenticator
    • Activation: Call your HSBC branch and ask for it
    • Methods offered: Physical authenticator
    • Recovery: Call your HSBC branch and inform them that you lost your physical HSBC authenticator
  • LastPass
    • Known as: Two-Factor Authentication / Multi-Factor Authentication
    • Activation: Login to the website, then go to Settings > Google Authenticator
    • Methods offered:
      1. Smartphone app (Google’s “Authenticator” app)
      2. Physical authenticator
    • Recovery: Login to the website and you will see this link “If you lost your Google Authenticator device, click here to disable Google Authenticator authentication”.
  • Microsoft (selected services only)
    • Services: billing.microsoft.com; xbox.com to buy points; SkyDrive when you remote to another computer
    • Known as: Two Factor Authentication
    • Activation: It’s activated automatically, if I understood it correctly. You can read the FAQ here.
    • Methods offered:
      1. Alternate email on account
      2. SMS/text
    • Recovery: ???
  • PayPal
    • Known as: PayPal Security Key
    • Activation: PayPal Security Key
    • Methods offered:
      1. Smartphone app (Symantec’s “VIP Access” app)
      2. Physical authenticator
    • Recovery: ???
    • Note: Activation of TFA on PayPal requires calling their US office. If you only have a mobile phone, you are out-of-luck, unless you are willing to incur extra charges.
  • Personal Identity Portal
    • Known as: VIP Credential
    • Activation: Login, go to My Account, scroll down, look for the link “Get free mobile credential”.
    • Methods offered: Smartphone app (Symantec’s “VIP Access” app)
    • Recovery: Login to the website and you will see this link “Click here if you don’t have your VIP credential”.
  • RIFT®
  • Sony Online Entertainment
  • WordPress.com
    • Known as: Two-Factor Authentication
    • Activation: Login and go to Account and Security
    • Methods offered: Smartphone app
    • Recovery: Recovery codes
  • Yahoo!
    • Known as: Second Sign-in Verification
    • Activation: Yahoo! Account Info
    • Methods offered: ???
    • Recovery: ???
    • Notes:

* as of Tuesday, 2013-07-23 17:30+0800


Image source: Multi factor authentication by dogsbodyorg licensed under CC By-SA 2.0.

Share and Enjoy

  • Google Plus
  • Facebook
  • Twitter
  • StumbleUpon
  • Tumblr

flattr this!