
SQLAndy

I'm Andy Warren, currently a SQL Server trainer with End to End Training. Over the past few years I've been a developer, DBA, and IT Director. I was one of the original founders of SQLServerCentral.com and helped grow that community from zero to about 300k members before deciding to move on to other ventures.

Two-Factor Authentication

Something you have and something you know – that’s the heart of two-factor, sometimes called multi-factor, authentication. RSA was for years the most common. You use either the key fob hardware device or the software app to get a ‘code’ that you enter in addition to your ID and your (hopefully) strong password. The code changes every minute. Assuming the host site/app implements it correctly, a stolen password alone isn’t enough to compromise your account.

More recently the cell phone has become the second “factor”, as it’s a device you typically always have with you. I’ve been using Google Authenticator on my Android phone and it seems to work reasonably well. Visit a site that supports two-factor, enable it, then use the phone app to scan the QR barcode and finally enter the code that shows up on the phone. It allows you to mark certain devices as trusted, meaning that once you authenticate from, say, your work computer, you only need your ID/password on that device going forward.

The initial setup isn’t bad. I think the biggest downside (aside from having to look up the code to log in!) is when you get a new phone. I’ve read – but not tried – that you can save the images of the QR codes to make it easier to set up again. I’m not recommending that, but if you do, secure the images well.

Before you get started, remember that security is always about risk management – you can use two-factor everywhere it’s available, or decide to only use it in places you consider high-value/high-risk.

There’s a small list on Lifehacker, and a more extensive list here of sites that support two-factor. Give one a try and see what you think.
