Hopping on to open airport wireless networks or checking your email from hotel computers are great conveniences but can expose your online accounts to password theft. One way to reduce the risk is to manage your passwords digitally but passwords can be stolen in a number of ways and places, such as Internet cafes.
You can significantly improve the security for most things your log in to daily – even from password breaches the like 5 million Gmail accounts exposed recently – by using two factor authentication. Most tutorials however emphasize working with an active phone number, which you might not always have if you’re traveling frequently. In a process that should take you about 2-4 minutes per account, here’s how to set up and use two factor authentication even when you’re dialing long distance.
Hey, Quickly, What’s Two Factor?
When you log in to, say, Facebook with a password, that’s one factor: something you know. So all someone needs to do to access your account is know the same thing – in this example, your password. The more complicated a password, the more difficult it is to guess, but passwords can simply be lifted from keyboards or swiped from databases you have no control over.
Two factor is adding something you have along with something you know. Like when you withdraw money from an ATM, the card is something you have and PIN something you know; both are needed to get cash. Imagine if someone could take money from your account just by guessing your PIN (from anywhere in the world); that’s what solely relying on a password is similar to.
Most two factor authentication setups online use a mobile phone (something you have) to text you a code that’s needed to log in to Gmail, for example, along with your password. You can see where this might cause some apprehension on a frequent traveler’s part – what if you’re traveling and can’t receive that text?
First Step: One-Time Phone Number For Non-Android Users
Android users can set up 2-step verification using the free Google Authenticator app for Android without needing an active phone number. (Any wireless Internet connection will do.) On iPhone and other devices, initial set up does require you to have a phone number. (Sorry a SkypeIn or Google Voice number won’t cut it.) Your best bet is to unlock your phone, grab a local SIM card [call mom] then get started by downloading Google Authenticator for iOS.
Next, you’re going to want to enable two factor authentication on all of the sites that Google Authenticator works with. I’ve listed how-to links to some popular sites below but basically the process is enable, wait for message with code, input code into site, done.
- Dropbox – Code required for every sign in; doesn’t require a phone number for setup with Google Authenticator.
- Gmail And Other Google Accounts – Devices can be set to remember you for a configurable number of days.
- Facebook – Codes only needed once per device, ever.
- tumblr – Same as Facebook, codes are only needed once per device.
- WordPress.com Blogs – Bloggers who use WordPress on standalone sites can download the free Google Authenticator plugin.
Additionally, there are a few other sites compatible with the Authenticator app Google’s Matt Cutts lists here. Not to mention this very long list of sites (like Amazon) that don’t work with Authenticator per say but have two factor as an option. Authy, a very inexpensive but not free, service extends two factor authentication to a number of those sites, whether you’ve got a phone or not.
Second Step: Link With Authenticator (Where Needed)
Some of the sites above let you set up with Google Authenticator right from the beginning so if you followed the steps above for Dropbox or Google on an Android device you don’t need to read further. Everyone else, you won’t need a phone number at this point, only to follow a few more steps linked below.
- How To Set Up Google Authenticator For Gmail And Other Google Accounts
- How To Set Up Facebook With Google Authenticator
- How To Use tumblr With Google Authenticator
- Using WordPress.com Sites With Google Authenticator
For convenience (and in case you forget your phone) it’s also a good idea to configure the Google Authenticator on other devices if you travel with a tablet instead of laptop, for example.
Digital Security Isn’t Jenga
Remember that no security is absolute so although you’ve got the major benefits of two factor authentication, still don’t use the same password for all of your accounts and just as you would to sext securely when traveling, be ready to remote wipe your phone in case it’s stolen or lost. Speaking of, you should probably enable two factor for iCloud, but beware it won’t protect any photos you upload to the service.
I’ve recently lost my age-old Google account due to two-step-verification, which prompted me to write this blog post about it: http://dare2go.com/two-step-verification-trap-for-travellers/
The authenticator is the lesser of all evil, but what happens if you lose your phone (due to carelessness, technical problems, or theft)? And then there are the few like me who don’t own a smart phone. My old Samsung (not quite as old as the Google webmaster account I lost) holds its battery for a week to 10 days, has excellent reception in difficult locations (something one can’t say about many smart phones), and slips easily into a pocket with keys, lighter, and change…
BTW: the is an app similar to Google Authenticator available for Apple devices: https://www.authy.com/thefuture
You didn’t have any of the backup auth codes or other authorized devices?
(Also, Authy is mentioned above. Good alternative but not as free as Google Authenticator 😉
No, I didn’t have any back-ups! As stated, I’m still using a non-smart phone from 2007, I only just entered the world of Androids with a Nexus 7, which I use for website testing and mostly as a GPS when travelling.
Before I last returned my laptop (when it was finally replaced under warranty) it didn’t hold USB connections anymore [all 3 ports], I guess due to a failure of the motherboard. You plugged in your external harddrive, it recognised it, and then lost it within maximum 3 minutes. Hence I couldn’t run a full back-up, only copied the most important directories over to my external drive (and forgot some of them too).
Anyhow: without back-up codes in paper form you’ll run into the same trouble if your smart phone develops problems! You can only use Authenticator on a new device if you are able to transfer it from the previous device!
And when we left Australia I really had so much stress that I didn’t think about my Google account. We sold almost everything, including car, appliances, furniture, etc., then packed the rest into storage, had to do some last minute repairs on our house in order to rent it out, go through inspections, cancel all sorts of insurances, phone, internet, this-and-that, then 6 days before leaving somebody crashed our second (already sold, but not yet transferred) car, we had to deal with insurance (who first wanted to pay too little for the written off car), cancellation of registration, towing bill, and so on – the fun when one ends his/her stable life to hit the road!
Yes, it’s another good reason to set up a backup phone number with someone you trust.
So, your story title was misleading, as you cannot enable without a phone. The phone requirement is pure evil.
The title is without a phone… number.