SEARCH

Two steps to side-step the hackers

R. Dinakaran
Comment (1)   ·   print   ·  

Are you so paranoid that you always check whether anyone is looking over your shoulder before you type passwords? Do you change passwords every week? If so, this article is for you. Passwords have always been the target of hackers.

And there are firms thriving by just making software that create or remember passwords (or even do both). Sometimes, we get an eerie feeling that it is just a matter of time that we are a target of some password hacker. Is there no way out? There is one way: It is to secure the service use through multiple layers of security. It is just like using multiple locks in our houses. The question is, are multiple layers of security available in all services?

No. But increasingly most services have started deploying multiple layers. What if the service doesn’t have multiple layers? Just don’t use it. Switch to one that has. What is multiple layer authentication? It’s one more step you have to do to access your account - apart from the password. How does it work? Once you log in, a code is sent to your phone; or an app in your phone generates a code that you can key in.

Do email or banking service providers have such a facility? If I say Gmail and Yahoo! do, there are many who are surprised. Gmail has become the most widely used email service. And the good thing about it is that it provides the option of using two layers of security. It calls it two-step authentication. How does it work?

Key-in code

Once you log in using your password, a second screen opens, where you are asked to key-in a code that will be sent to your phone, either as an SMS or as a voice call. There is also an option of generating the code in the mobile instead of SMS or voice call. The advantage of this is that even if your password is hacked, or one of your ‘friends’ steals your password, they still cannot access your account. Of course, they can, if they can access or steal our phone. But if it happens, it is you who is to blame. It is like using two locks in the door and leaving the keys in the lock. This is not enabled by default in Gmail. How do you set it up? Here it is in Gmail’s own words: To set up two-step verification: Sign in to your Google Account and go to the 2-step verification settings page under ‘Account’.

You can even go directly to https://www.google.com/ settings/account and follow the instructions. Once you set it up, every time you log in to your Gmail account, you will be sent the code as an SMS or voice call. Alternatively, you can use the Google Authenticator app to receive codes even if you don’t have an Internet connection or mobile service.

To set this up, first you need to complete the SMS/Voice setup. Then, go to the two-step verification settings page and click on Android, Blackberry, or iPhone, then follow the directions for your type of phone. The Google Authenticator app is available on Android devices, iPhones, and BlackBerry devices -- to generate verification codes. The application doesn't require an Internet connection, mobile service, or a data plan to generate verification codes. It may sound a little difficult, but it is worth it.

Verification SMS

Yahoo! does it differently. Here once you set up two-step authentication, you will get a verification SMS or voice call only if you sign in from another browser. In Yahoo! email, click the Hi <your name> on the top left. In the drop-down, select Account Info, and in Account Info, select ‘Set up your second sign-in verification’ and follow the instructions. They are similar to Gmail’s, except that Yahoo doesn’t have an app. What about banking accounts? Unfortunately, not many banks offer it. Isn’t it risky? Yes, but we have to wait till the banks realise its importance and come up with something like what Gmail and Yahoo have. But all banks have a ‘Transaction password’ as a second step whenever you have to transact using an online account. Banks like ICICI have a third layer too -- a random grid number that has to match the one in your debit card. HDFC bank uses a set of questions and changes them every time you transact.

dinakaran.rengachary@thehindu.co.in

(This article was published on November 26, 2012)
XThese are links to The Hindu Business Line suggested by Outbrain, which may or may not be relevant to the other content on this page. You can read Outbrain's privacy and cookie policy here.

Comments:

Respected Sir , you forgot to mention SBI , the good old SARKAARI bank ,
which has one of the best online banking service , every transaction
that i carry out using my SBI netbanking account is authorized by keying
in OTP (One Time Password), that customer receives on his registered
mobile phone number via sms.

from:  Gaurav
Posted on: Nov 26, 2012 at 17:28 IST
This article is closed for comments.
Please Email the Editor

Comments to: web.businessline@thehindu.co.in. Copyright © 2014, The Hindu Business Line.