Two-Step Verification - Turn It On!!
Almost everyone, except the most casual user, has some sort of online connection that requires a password. At the very least a person has an email address which, despite what I commonly hear, does require a password. Your email account can also be the master account for many other services, such as:
Microsoft - Xbox, Office 365, OneDrive, OneNote, Windows 8 login, email (hotmail, live, outlook)
Google - Gmail, Google Docs, Google Drive, YouTube
Apple - iCloud, iTunes, Apple TV
For the hackers of the world, having access to your email account can be the Golden Ticket. With that they have access to a myriad of services and can even request password changes for other services tied to your email account. With most email being accessible through a web browser, hackers can try to break into your account using simple methods.
The key, literally, to all these services is your password. I've written before about the importance of a strong password, but sometimes even that may not be enough. Or maybe a complicated password is too much to remember, so people take the easy way out and go back to using their birthday, phone number or pet's name.
Two-Step Verification and How it Works
There is another security measure that can be put in place to help - two-step verification. It can also be called two-factor verification or authentication, but they are all the same. Simply, it means you need two methods to log into your account - a password and a special code. It was the absence of this feature on iCloud which contributed to celebrities having their accounts hacked. Here is how it works:
1. Log into your account
2. You are then prompted for a code
3. Enter your code and you are then logged into your account.
Okay, but where do you get this code from? This can work several ways depending on the options that the service has. In this case I am using a Microsoft account, which uses something called an Authenticator App on my smartphone to create time-sensitive, one-time-use codes for various services. Everyone has this app available for their smartphones - Apple, Google, Microsoft and even Blackberry. Here is what the Google one looks like: in this example, from Google's website, it shows two different accounts it's creating codes for.
The circle on the right is a countdown before the code refreshes with a new number.
This takes about 30 seconds.
You also have the option of having the code sent to you via text message, emailed to another email address you have access to, or even sent to your home phone with a recorded message reading out the number.
What I really like about this is that even if I publicly posted my email address and password (which would be insane) a person would still need access to my phone to gain access to my account. More realistically, if your username and password are stolen through a phishing scheme (see my post on spotting a fake email), the person who stole your info still couldn't get into your account because they don't have that final necessary code.
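How the app on the phone and the service arrive at the same 30-second code is shown in the sketch below. It is an added example, not part of the original post: it assumes the authenticator app follows the standard TOTP scheme (RFC 6238, which Google Authenticator implements), and the secret, the `Verifier` class and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid (the countdown circle in the app)
DIGITS = 6   # length of the code shown to the user

# Constructed sample secret (the RFC 6238 test key). A real one is random and
# is shared once, usually by scanning a QR code when two-step is turned on.
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, truncated to DIGITS digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(secret: bytes, now: float) -> str:
    """Phone side: the counter is simply the current 30-second time step."""
    return hotp(secret, int(now) // STEP)

class Verifier:
    """Service side: same secret, same clock, each code accepted only once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1   # highest time step already accepted

    def check(self, code: str, now: float, drift: int = 1) -> bool:
        current = int(now) // STEP
        # Allow one step either side for clock drift between phone and server.
        for counter in range(current - drift, current + drift + 1):
            if counter <= self.last_counter:
                continue         # already used or older: reject replays
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    service = Verifier(SECRET)
    code = totp(SECRET, 59)
    print(code, service.check(code, 59), service.check(code, 59))
```

The password never enters the calculation: someone who phished it still lacks the secret stored on the phone, and a code they managed to observe stops working once it has been used or its time step has passed.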
Almost every company/service has some sort of two-step verification option: PayPal, Facebook, Twitter, those I already mentioned above, and many, many more.
Yes, this could be bothersome if you need to enter a code every single time you use your computer. Fortunately, most services give you the option to "Trust this computer" so it will remember that it is your personal computer and it's safe. Obviously, never choose this option on a public computer.
How Do I Turn It On?
Now that you're convinced, how do you turn it on? I can't give you a lesson on every service that offers two-step verification but generally all you have to do is log into your account, whatever that may be, and go to your security settings (where you'd change your password) and look for something related to Two-Step Verification. If it's offered by the company/service you are logged into then you should see an option to "Turn On" two-step verification. From there you will be prompted as to how you want to receive your code.
I firmly believe in turning on this service. I'm sure it's not 100% guaranteed to protect your account but it goes a long way to preventing someone from accessing your account.