LPM Tip

Make e-mail more secure with two factor authentication

E-mail. It is both boon and bane. I cannot resolve all of your e-mail conundrums with one tip, but I can reduce your chance of being hacked.

Gmail subscribers can activate "two factor authentication" (TFA) to improve the security of their e-mail account. TFA simply means requiring two things to accomplish a task. For example, an Automatic Teller Machine (ATM) requires you to present your ATM card (factor one) and input your PIN (factor two) before dispensing currency. The original TFA may have been the Biblical backstory of the word Shibboleth in which a tribe known as the Gileadites asked suspected enemies two questions to confirm their identities and loyalties. Those failing to answer both questions correctly were put to death.

Fortunately, Gmail's TFA is not so harsh. Once you activate TFA, Gmail requires two things to access your e-mail: (1) your password, and (2) a single-use verification code Google generates. Google offers three methods to receive this verification code: a standalone smartphone app that does not require a cell signal, a text message or a voice call. If you so choose, a log-in using TFA will remain effective for 30 days. This system is more secure than a password alone because a potential hacker needs both your password and the verification code (which is only available on your smartphone or other designated phone) to access your account.

A step-by-step video on implementing TFA in Gmail can be found at Matt Cutts' blog in an August 6, 2012 post entitled "Please turn on two-factor authentication." Matt, the leader of Google's Webspam Team, also debunks some common misconceptions about TFA and provides links with more information on relevant topics. The website Lifehacker.com offers a written step-by-step guide to activating TFA for Gmail. Additionally, Yahoo and Facebook both offer TFA. Yet, as of this writing, other common e-mail or communication services have not implemented TFA as thoroughly as Google.

You also should do your part by exercising password diligence. Use difficult-to-guess passwords and do not reuse passwords for multiple services. I appreciate that remembering multiple unique passwords is vexing. To manage numerous passwords you may wish to learn more about password management services. Both Stephanie Kimbro and I discussed password management solutions in this Lawyer's Weekly article. North Carolina practice management advisor Erik Mazzone's review of the password management program LastPass is also an excellent resource. Links to Erik's review and the websites of several password management program providers are available in a prior LPM tip. A direct link to that tip is at this LOMAP blog post.

Whatever online services you enjoy, whenever possible, employ two factor authentication to make your accounts more secure.

Tip courtesy of Scott L. Malouf (@ScottMalouf), Law Office Management Assistance Program (@MassLOMAP).

Published August 9, 2012

--------------------------------------------------------------------------
©2014 Massachusetts Bar Association