Dark Light

Recently, Jeff Atwood showed how to make your Google account (and therefore gmail, youtube etc.) more secure by enabling their 2-Factor authentication system.

(2 Factor Authentication is the same kind of thing some banks use, where you get a keyfob thing and type in a number as well as your username and password, so even if you have the password you also need to have stolen the physical object).

Paypal have had a similar system for years, and every time I mention that I use it people say “I didn’t know you could do that!”, so, some instructions:

Paypal uses SMS messages for the second factor. This is better than an app-based solution because it continues to work even if you’ve had to wipe or replace your phone.

  1. Go to Paypal.com and log in
  2. Hover over “Profile” (Far right of “Overview” in the gray secondary tab bar)
  3. Click on “My Account Settings”
  4. Click “Update” next to Security key
  5. Click “Get Security Key”
  6. “Register your Mobile Phone”
  7. Follow the instructions.

And there. Now every time you log into your paypal account you’ll get an SMS message with a six digit code that you need to plug into the site. You can bypass this a few times if you don’t get the message, or don’t have your phone.

It’s not perfect, but it’s better than username/password.

(I know paypal are occasionally incompetent to the point of actual evil, but if you do use them, there’s no reason not to try to keep your account secure.)

Enhanced by Zemanta
2 comments
  1. Interestingly, I had that already enabled when I saw the Coding Horrors post… It’s a lot less of a nuisance than 2-factor email authentication could be, as you only need to log in relatively rarely.

  2. The email one isn’t too bad, as the 2 factor only applies to the web login, and only requires the second factor every 30 days on trusted machines.

    For things like POP and IMAP you create one-time passwords for each application that you can revoke at will.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts