2 Step Verification

One of the most important advances in credential security is two-step authentication. Two-step authentication relies on the idea that services are more secure if you access them with something you know (i.e., your passphrase) and something you have (i.e., physical access to your phone). With two-step authentication, each login requires an extra step after you enter your password: you’ll be prompted to enter a 6-digit code that is displayed only on a device you control. This code can come to you via SMS from the service itself (as is the case with Twitter), or be displayed in an app on your phone (such as Google Authenticator or Authy). That way, if someone ever gets your password, they still cannot log in as you unless they also have physical control over your phone.

Click here to enroll in 2-Step Authentication for your SU Google Apps Account

Turn on two-step authentication for any and all services that you can, starting with your Gmail account. Better yet, get a YubiKey, a small USB device that you either plug into your computer or tap to your phone using NFC, to enable this securely. In the event that you get phished (it happens to the best of us!), no one will be able to use the password they recovered, because they would also need access to your YubiKey to make use of it.

The website Two Factor Auth has an exhaustive list of services that support two-step authentication, as well as direct links to directions for enabling it everywhere it’s available.

Google Two Step Verification

If you haven't already enabled Google Two Step Verification, you may want to watch this brief video.