#NoHacked: Using two-factor authentication to protect your site
Stay organized with collections
Save and categorize content based on your preferences.
Monday, August 10, 2015
Today in our #nohacked campaign, we'll be talking about two-factor authentication. Follow along
with discussions on Twitter and
Google+
using the #NoHacked tag.
(Part 1,
Part 2)
There was once a time when having a relatively strong password or answering a security question
was a reasonable way to protect your online accounts. However, according to
a study from Stop Badware,
stolen credentials is a common way for hackers to compromise websites. Additionally, even
reputable sites can fall victim to hacking, potentially exposing your personal data like passwords
to attackers.
Fortunately, two-factor authentication can help you keep your accounts safer. Two-factor
authentication relies on an additional source of verification, in conjunction with your password,
to access your account. You might have used two-factor authentication before if you have ever been
prompted for a code from your phone when logging into a social media site or from a chip card
reader when logging into a bank account. Two-factor authentication makes it more difficult for
someone to log into your account even if they have stolen your password.
As a website owner, you should enable two-factor authentication on your accounts where possible.
A compromised account can cause you to lose important personal data and valuable reputation for
your site. Two-factor authentication can give you the ease of mind that your accounts and data are
safer.
Google currently offers
2-Step Verification for all
of its accounts, including accounts from Google Apps domains. You can use your phone, a hardware
token like a
Security Key,
or the
Google Authenticator app
to verify your account. These options give you flexibility when traveling or when you don't have
access to the mobile network.
If your hosting provider,
Content Management System
(CMS), or any type of platform you use for managing your site doesn't offer two-factor
authentication, ask their customer support for an option to use two-factor authentication in the
future.They can build two-factor authentication into their own platforms using
Google's open source code.
If your platform or hoster doesn't provide strong protection against unauthorized access consider
hosting your content elsewhere. You can see a list of websites that support two-factor
authentication, including what types of authentication options they offer, at the
TwoFactorAuth site.
If you have any additional questions, you can post in the
Webmaster Help Forums
where a community of webmasters can help answer your questions. You can also join our
Hangout on Air about Security
on August 26.
Posted by: Eric Kuan, Webmaster Relations Specialist and Yuan Niu, Webspam Analyst
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],[],[[["\u003cp\u003eTwo-factor authentication (2FA) significantly enhances online security by requiring an additional verification step beyond passwords.\u003c/p\u003e\n"],["\u003cp\u003eStolen credentials are a leading cause of website compromises, making 2FA crucial for protecting accounts and personal data.\u003c/p\u003e\n"],["\u003cp\u003eWebsite owners should enable 2FA on all accounts, and consider alternative platforms if their current ones lack this feature.\u003c/p\u003e\n"],["\u003cp\u003eGoogle provides 2-Step Verification with flexible options, and website platforms can integrate 2FA using Google's open source code.\u003c/p\u003e\n"],["\u003cp\u003eFor further assistance, resources like the Webmaster Help Forums and a Security Hangout on Air are available.\u003c/p\u003e\n"]]],["The #nohacked campaign focuses on two-factor authentication (2FA) as a crucial security measure against stolen credentials and website compromises. Website owners should enable 2FA on their accounts, as compromised accounts can lead to data loss and reputational damage. Google offers 2-Step Verification using phones, Security Keys, or the Google Authenticator app. If platforms lack 2FA, users should request it and consider alternative hosts. Resources include the TwoFactorAuth site and Webmaster Help Forums.\n"],null,["Monday, August 10, 2015\n\n\nToday in our #nohacked campaign, we'll be talking about two-factor authentication. Follow along\nwith discussions on [Twitter](https://twitter.com/googlesearchc) and\n[Google+](https://plus.google.com/+GoogleWebmasters)\nusing the #NoHacked tag.\n([Part 1](/search/blog/2015/07/nohacked-how-to-avoid-being-target-of),\n[Part 2](/search/blog/2015/08/nohacked-how-to-recognise-and-protect))\n\n\nThere was once a time when having a relatively strong password or answering a security question\nwas a reasonable way to protect your online accounts. However, according to\n[a study from Stop Badware](https://www.stopbadware.org/files/compromised-websites-an-owners-perspective.pdf),\nstolen credentials is a common way for hackers to compromise websites. Additionally, even\nreputable sites can fall victim to hacking, potentially exposing your personal data like passwords\nto attackers.\n\n\nFortunately, two-factor authentication can help you keep your accounts safer. Two-factor\nauthentication relies on an additional source of verification, in conjunction with your password,\nto access your account. You might have used two-factor authentication before if you have ever been\nprompted for a code from your phone when logging into a social media site or from a chip card\nreader when logging into a bank account. Two-factor authentication makes it more difficult for\nsomeone to log into your account even if they have stolen your password.\n\n\nAs a website owner, you should enable two-factor authentication on your accounts where possible.\nA compromised account can cause you to lose important personal data and valuable reputation for\nyour site. Two-factor authentication can give you the ease of mind that your accounts and data are\nsafer.\n\n\nGoogle currently offers\n[2-Step Verification](https://www.google.com/landing/2step/) for all\nof its accounts, including accounts from Google Apps domains. You can use your phone, a hardware\ntoken like a\n[Security Key](https://support.google.com/accounts/answer/6103523),\nor the\n[Google Authenticator app](https://support.google.com/accounts/answer/1066447)\nto verify your account. These options give you flexibility when traveling or when you don't have\naccess to the mobile network.\n\n\nIf your hosting provider,\n[Content Management System](https://en.wikipedia.org/wiki/List_of_content_management_systems)\n(CMS), or any type of platform you use for managing your site doesn't offer two-factor\nauthentication, ask their customer support for an option to use two-factor authentication in the\nfuture.They can build two-factor authentication into their own platforms using\n[Google's open source code](https://github.com/google/google-authenticator).\nIf your platform or hoster doesn't provide strong protection against unauthorized access consider\nhosting your content elsewhere. You can see a list of websites that support two-factor\nauthentication, including what types of authentication options they offer, at the\n[TwoFactorAuth site](https://twofactorauth.org/).\n\n\nIf you have any additional questions, you can post in the\n[Webmaster Help Forums](https://support.google.com/webmasters/go/community)\nwhere a community of webmasters can help answer your questions. You can also join our\n[Hangout on Air about Security](https://plus.google.com/events/csqjnqe8vl28qbn526makjecobc)\non August 26.\n\n\nPosted by: Eric Kuan, Webmaster Relations Specialist and Yuan Niu, Webspam Analyst"]]
