This is the third and final article in the in a series that presents an opinionated and hopefully simple way to protect your online accounts. To see the motivation as to why I'm writing this article, please see the first article in this series.
In the previous article we setup Google Chrome with some extensions, one to ensure that you're traffic on the internet is encrypted, and we setup the password manager LastPass. So you may be thinking something along the lines of: "You've already had me install something to manage my passwords, and there is no way I could remember let alone type one of those passwords. Why do I need this as well?".
That is a good question and a fair one, we've added these extensions specifically to make life easier - so you don't have to remember to look on your web browser to see if it has a little green lock. We also have removed the need for you to think of and create passwords that are hard for you and a computer to remember.
The ATM Machine Example
This last piece can be likened to using ATM machine, when you use an ATM you go through three steps:
- You identify you are in the right place. When you go to an ATM you can typically find them at a familiar place like the bank itself, a grocery story, etc.
- You pull out your debit or ATM card and insert it into the machine.
- You enter your pin number into the ATM machine to get access to your account.
So with the work in the previous article we have completed the first and third steps.
You can have a certain level of confidence knowing that you are in right place because it is familiar, for example a bank like Chase Bank or https://www.chase.com/. Also by using HTTPS Everywhere, you can have a measure of confidence that whatever you send to that website is encrypted and can't be read by anyone else.
The third part of this is the pin number that we use to access your account. This pin number or password is now being generated and managed by LastPass. Also if you ever happen to find yourself in a site that is clamming to be something that it is not. LastPass will not automatically attempt to fill in your login information for that particular site.
The last past thats missing in this case is the ATM card. Which is a great segue into the Multi-factor authentication.
Multi-factor authentication and is used a way to verify you are who you claim do be by using something you know (password) and something you have (like an ATM card). For this section we will be using our cell phone as the something we have. For this particular part we will be using a software called Authy. Authy is a free software that creates a second check to verify that you have a physical item (again think ATM card) that is allowed to access your account. As of the time of this writing, Authy can be used to provide this second check for email accounts, banks, social media accounts and many more.
Step number one though is to download the software from https://authy.com/download/. So while I said above we are going to use our cell phone, the reality is that Authy can be run in your web browser (or Chromebook), on your Windows machine, or on a Mac. But to keep things simple and opinionated please use the Android or iPhone option.
Step number two is to add an account to Authy. Let's use our new LastPass account!