With the password’s fading usefulness, we have to seriously consider two-factor authentication as the minimum level of security for any site dealing with sensitive information. I have been using the PayPal “football” for years as a second factor on both PayPal and eBay. I’ve implemented YubiKey and Google Authenticator on LastPass and Google Authenticator on Dropbox. But these aren’t the only ones out there. There is, of course, the well-known RSA SecurID, but here are a few two-factor authentication providers you may want to look into.
- YubiKey – a USB hardware token that serves as a second authentication factor: a unique physical token which cannot be duplicated or recorded, providing a credential based on something only an authorized user possesses. Used with a standard username and password, the YubiKey provides strong two-factor authentication to any site, service or application.
- Google Authenticator – provides a six-digit one-time password users must provide in addition to their username and password to log into Google services. The Authenticator can also generate codes for third-party applications, such as password managers or file hosting services.
- PayPal Security Key – The PayPal Security Key creates random temporary security codes that help safeguard your PayPal account when you log in. There are two types: a credit-card-sized device (the “football” is no longer available) and security codes sent by text message to your mobile phone. (I actually use both.)
- Duo Security – Uses a mobile phone, similar to Google Authenticator. Duo’s solution is cloud-based.