Doing the two step
In a nutshell, you enter your password, a code is sent to your cellphone number, which you previously set up on your account. Retrieve the code and enter it in the box when prompted.
If you are trying to login to a Google site or a Facebook site, you can get a prefetch of codes in sets of 10, (see below) which are good for 10 logins.
There is no charge to get them and no charge to replace them if you lose them. The box to enter one comes up right after you enter your password and there is no need to use your phone to wait for a code to be delivered.
This is what a prefetch looks like.
 |
| By the way, we made these up. They are not authorized for logins. |
The extra step will cost you about 3 minutes longer to complete a login, but the extra layer of security is priceless.
There are two downsides to using your phone for a one time code to be delivered to finish the second step:
1) If your account gets hacked and your phone number is your actual login to your account, then the hacker knows your phone number and will have access (to intercept) the code that is sent to your phone. He enters it and he is now You.
2) If you lose your phone, you are dead in the water, locked out of your Facebook account or Google account. However, Cally has a suggestion to fix this situation.
- If you lose your phone, acquire another cellphone for use until either you find yours or replace it. Either a pay as you go phone or borrow one from a family member or friend.
- Then go online to your mobile carrier's website (where you pay your bill and manage your features.)
- Choose the option to put all calls and texts on call forwarding to the replacement cell phone number.
- Test the replacement phone to make sure it is correctly receiving calls and text messages. Do this by calling your real cellphone from a landline. What you are looking for is for your call to be forwarded to the replacement cellphone so it rings.
- When you know the call forwarding worked for "voice" then you need to check it for texts. Not every model phone or carrier will forward a text. In that case, in the setup process, you need to check the box where it asks you if you want codes delivered by a phone call or by a text. Choose PHONE CALL so when the call is forwarded, you can listen for the codes. Enter the numbers in the prompt box and you are logged into your account.
Cally predicts you will use this remedy about three times before you get fed up and replace your old phone with a permanent phone. lol
Of course, the best remedy is to not use your cellphone at all. Use the pre-fetched codes that we discussed earlier in this post. They don't expire, but they can only be used once. If you accidentally re-enter a code that you used previously, it will reject as a duplicate and will ask you for another code.
We admins have been using the two step authentication method for about 5 years. When we unhack people who have been hacked, we ask them to put the two step method on their account as well. However, we recommend using pre-fetch codes over the cellphone code because accounts set up with pre-fetch are virtually un-hackable. There is no way a hacker can have access to your prefetch codes. Sad to say, not many take us up on our suggestion after we get them unhacked.
You can read more about Google's two step process here:
https://support.google.com/accounts/answer/7026266?hl=en&ref_topic=7189145
No comments:
Post a Comment