Want Secure Email and Cloud Storage? Do the Two Step
Getting hacked can be a real pain. You have to change all of your passwords, contact your financial accounts, and pray that there wasn't any truly sensitive information floating around in your inbox (such as a social security number). And if this is your professional account, you likely have sensitive client information in your inbox as well.
Did we mention that more hackers are now aiming their keyboards at lawyers?
Lawyer ethics require you to take reasonable measures to protect your clients' information. What's the new standard of reasonable?
It's the two step.
Two-step verification requires users to enter a password followed by a second piece of information. The most common form, already in place at Google (if you enable the feature) and coming soon to Microsoft accounts, is the password + text message code system.
It works like this: you log in with the password. If you are doing so from an unfamiliar computer or device, the system sends a text message to the mobile phone number that you have on file. That message contains a code or passphrase. You then enter that into the site.
This two-step ensures that no one can access your account without both the password and your mobile phone. This makes you extremely hacker-resistant (there's no just thing as hacker-proof).
Is it a pain in the rear to have to enter multiple passwords and wait for text messages? Of course. You know what's worse? Being sued by a client because all of their personal information was dumped onto the Internet.
Future forms of two-step authentication could include other methods of verifying your identity besides waiting for a text message, such as biometrics. As we relayed to our readers last week, Apple's upcoming iPhone 5S is rumored to have a fingerprint scanner built in to the home button. We wouldn't expect that to become the new normal, as every device you use would have to have such a scanner, but it could become a quicker alternative.
Related Resources:
- Doing the Two-Step, Beyond the A.T.M. (New York Times)
- App Data Permissions Scrutinized; There's an App for That (FindLaw's Technologist)
- Prank Employees, Test Security in One Fell Swoop (FindLaw's Technologist)