Hopping on to open airport wireless networks or checking your email from hotel computers are great conveniences but can expose your online accounts to password theft. One way to reduce the risk is to manage your passwords digitally but passwords can be stolen in a number of ways and places, such as Internet cafes.
You can significantly improve the security for most things your log in to daily – even from password breaches the like 5 million Gmail accounts exposed recently – by using two factor authentication. Most tutorials however emphasize working with an active phone number, which you might not always have if you’re traveling frequently. In a process that should take you about 2-4 minutes per account, here’s how to set up and use two factor authentication even when you’re dialing long distance.
When you log in to, say, Facebook with a password, that’s one factor: something you know. So all someone needs to do to access your account is know the same thing – in this example, your password. The more complicated a password, the more difficult it is to guess, but passwords can simply be lifted from keyboards or swiped from databases you have no control over.
Two factor is adding something you have along with something you know. Like when you withdraw money from an ATM, the card is something you have and PIN something you know; both are needed to get cash. Imagine if someone could take money from your account just by guessing your PIN (from anywhere in the world); that’s what solely relying on a password is similar to.
Most two factor authentication setups online use a mobile phone (something you have) to text you a code that’s needed to log in to Gmail, for example, along with your password. You can see where this might cause some apprehension on a frequent traveler’s part – what if you’re traveling and can’t receive that text?
First Step: One-Time Phone Number For Non-Android Users
Android users can set up 2-step verification using the free Google Authenticator app for Android without needing an active phone number. (Any wireless Internet connection will do.) On iPhone and other devices, initial set up does require you to have a phone number. (Sorry a SkypeIn or Google Voice number won’t cut it.) Your best bet is to unlock your phone, grab a local SIM card [call mom] then get started by downloading Google Authenticator for iOS.
Next, you’re going to want to enable two factor authentication on all of the sites that Google Authenticator works with. I’ve listed how-to links to some popular sites below but basically the process is enable, wait for message with code, input code into site, done.
Additionally, there are a few other sites compatible with the Authenticator app Google’s Matt Cutts lists here. Not to mention this very long list of sites (like Amazon) that don’t work with Authenticator per say but have two factor as an option. Authy, a very inexpensive but not free, service extends two factor authentication to a number of those sites, whether you’ve got a phone or not.
Some of the sites above let you set up with Google Authenticator right from the beginning so if you followed the steps above for Dropbox or Google on an Android device you don’t need to read further. Everyone else, you won’t need a phone number at this point, only to follow a few more steps linked below.
For convenience (and in case you forget your phone) it’s also a good idea to configure the Google Authenticator on other devices if you travel with a tablet instead of laptop, for example.
Digital Security Isn’t Jenga
Remember that no security is absolute so although you’ve got the major benefits of two factor authentication, still don’t use the same password for all of your accounts and just as you would to sext securely when traveling, be ready to remote wipe your phone in case it’s stolen or lost. Speaking of, you should probably enable two factor for iCloud, but beware it won’t protect any photos you upload to the service.