Web applications become smarter day by day. At the time of birth it was nothing but some static source of information. Now we use them everyday not only for information but many other utilities like email, banking, shopping, social networking and many more. Now web applications can offer personalized view for different users depending on the user’s identity. By the process in which we can send our identity to a web application is called Membership(login). The normal procedure of login is we need to provide user name and password and web application identify ourselves. In the path of becoming popular it has been always a big concern about the security of web based applications. There are number of ways to hack your account. The good news is, there are number ways to protect your account also. The new addition to this list is Two Step Authentication.
In this process, there are two steps before web application authenticate our identity.
- a knowledge factor (your password)
- a possession factor (your security code sent by text SMS at your phone for example)
At first step you give your user name and password as usual, then the web application send a random generated security code to your phone or your email. This security code need to be entered at the second step. If your password and security code both match at the same time then the web application authenticate your identity and you can login to the website. Please note this security code is for one time use only. So every time you login web application send a new security code on the fly to your phone or your email. This is for better security. If some hacker has knowledge of your password, then still your account is safe, because he/she do not have your phone.
I recently activate two step authentication at my Microsoft and wordpress.com account and looking to activate it at my twitter account. One another point, if you use some application which is not support two step authentication like I use Windows Live Mail for my Outlook.com mail account, then you need to take a device password and use it with that application.
You can read more on two step authentication at the following locations: