Search
  • Videos
  • Windows 10
  • 5G
  • Best VPNs
  • Cloud
  • Security
  • AI
  • more
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
  • Newsletters
  • All Writers
    • Preferences
    • Community
    • Newsletters
    • Log Out
  • Menu
    • Videos
    • Windows 10
    • 5G
    • Best VPNs
    • Cloud
    • Security
    • AI
    • TR Premium
    • Working from Home
    • Innovation
    • Best Web Hosting
    • ZDNet Recommends
    • Tonya Hall Show
    • Executive Guides
    • ZDNet Academy
    • See All Topics
    • White Papers
    • Downloads
    • Reviews
    • Galleries
    • Videos
    • TechRepublic Forums
      • Preferences
      • Community
      • Newsletters
      • Log Out
  • us
    • Asia
    • Australia
    • Europe
    • India
    • United Kingdom
    • United States
    • ZDNet around the globe:
    • ZDNet France
    • ZDNet Germany
    • ZDNet Korea
    • ZDNet Japan

Make your cloud safer: How to enable two-factor authentication for the most popular cloud services

1 of 7 NEXT PREV
  • Two-factor authentication is no longer optional

    Two-factor authentication is no longer optional

    The risks of having important cloud credentials compromised is too great to risk protecting them with nothing more than a password.

    An attacker who can get access to an important cloud service can commit espionage or sabotage, or he can just wreak havoc.

    The solution is to turn on two-factor authentication for every crucial cloud service you use, especially those that are tied to business accounts.

    Yes, 2FA increases the hassle factor slightly. But the assurance that your secrets will remain safe even in the event of a password breach is worth a few seconds of extra verification.

    This gallery includes steps to help you enable two-factor authentication in six important cloud services. Do it now.

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

  • Microsoft account (OneDrive, Outlook.com, and more)

    Microsoft account (OneDrive, Outlook.com, and more)

    Microsoft accounts are attached to a lot of high-value information, including settings and passwords from Windows 8 accounts, OneDrive file storage, and Outlook.com email.

    Given the value of that information, it's crucial that you turn on two-step verification for your Microsoft account.

    The controls are here, on an account management page that also includes some other interesting security settings.

    You can use an authenticator app to make the process simpler and cut down the need for text messages. Google's Authenticator app for Android or for iOS will work. So will Microsoft's Authenticator app for Windows Phone.

     

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

  • Google

    Google

    Two-factor authentication (Google calls it 2-step verification) isn't just for Gmail, although that's where most people will run into it.

    Instead, setting up extra security applies to every service that requires you to sign in to a Google account. You'll find all your security options at this Google Account Settings page.

    When you enable 2-step verification, signing in to your account requires an extra step after you enter your username and password. If your credentials are accepted, you then have to enter a verification code sent to your phone via text or voice call or generated by a mobile app.

    This official explainer offers more details.

    Google Apps (the paid service) uses the same mechanism as free Google accounts, except that you sign in with an address in your custom domain instead of a free @gmail.com address.

    In any event, be sure to set up a recovery address. That option helps you quickly regain control in the event someone is able to bypass security and take over your account.

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

  • Office 365 (Enterprise accounts only)

    Office 365 (Enterprise accounts only)

    Microsoft has offered multi-factor authentication for Office 365 administrator accounts for years, but the ability to enable this feature for ordinary users is new. (I wrote about the changes back in February, in "Microsoft expands multi-factor authentication for Office 365." )

    Alas, what was true then is still true today: This crucial security feature is only available if you've signed up for an Office 365 Enterprise plan. Lowly Office 365 Small Business customers are shut out.

    The feature is available from the Office 365 Admin center, as shown above. Note that you must be an administrator to enable two-factor authentication, and it can be enabled on a per-user basis.

    If you have a Windows Phone, don't use the Authenticator app that works with Microsoft accounts. Instead, track down the Microsoft Azure Multi-Factor Authentication app, which is available for Windows Phone, Android, and iOS.

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

  • Dropbox

    Dropbox

    Dropbox has suffered its share of embarrassing security mishaps through the years. Roughly two years ago, in one of several security related steps, the insanely popular online file storage system enabled a very robust two-factor authentication system.

    With that feature enabled, each time you sign in on a new PC or mobile device, Dropbox will require a code. Wisely, it supports authenticator apps, which can be configured by aiming your mobile device's camera at a barcode like the one shown here.

    To jump directly to the setup page for this feature, sign into Dropbox and then click here.

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

  • Facebook

    Facebook

    Facebook isn't just for birthday wishes. Lots of businesses use it for communicating with customers and building brand identity. Don't let a compromised account undo that work.

    On Facebook's well-hidden Security Settings page, you'll find options to receive notifications each time you (or, worse, someone pretending to be you) logs in to Facebook. But the second option, Login Approvals, is the one to pay attention to.

    You need to add your mobile phone number to your Facebook profile before you can turn this option on. (You can hide the number so it's visible only to you, if you prefer.) With that step out of the way, set up security code delivery by having a code sent to your mobile phone. Any future login requests from untrusted machines will trigger a request for you to enter a code received on the same device.

    Facebook allows you to use codes generated by its own mobile app. A well-hidden option also supports third-party authenticator apps. From the Security Settings page, open the Code Generator section and then click "Set up another way to get security codes."

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

  • Twitter

    Twitter

    Nothing's quite as painful (and occasionally comical) as watching someone else's Twitter account get hacked.

    Unless it's yours, that is, and you use the account to promote your business or your brand.

    In addition, Twitter is increasingly used as an identity check, so the ripple effects of a hacked account can extend well beyond 140 characters.

    Twitter allows two secure options in the Login Verification section: You can have verification codes sent to a mobile phone as SMS messages, or you can install the Twitter app on an iOS or Android device and accept verification requests in those apps.

    To turn on either setting, visit the Twitter security settings page.

    For more details about Twitter's security settings, see this official explainer.

    Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

    Caption by: Ed Bott

1 of 7 NEXT PREV
Ed Bott

By Ed Bott for The Ed Bott Report | September 26, 2014 -- 11:00 GMT (04:00 PDT) | Topic: Cloud

  • Two-factor authentication is no longer optional
  • Microsoft account (OneDrive, Outlook.com, and more)
  • Google
  • Office 365 (Enterprise accounts only)
  • Dropbox
  • Facebook
  • Twitter

Step-by-step instructions to help you tighten security and dramatically reduce the risk that crucial cloud services will be compromised. If you use a Microsoft or Google account, Office 365, Dropbox, Facebook, or Twitter, keep reading.

Read More Read Less

Two-factor authentication is no longer optional

The risks of having important cloud credentials compromised is too great to risk protecting them with nothing more than a password.

An attacker who can get access to an important cloud service can commit espionage or sabotage, or he can just wreak havoc.

The solution is to turn on two-factor authentication for every crucial cloud service you use, especially those that are tied to business accounts.

Yes, 2FA increases the hassle factor slightly. But the assurance that your secrets will remain safe even in the event of a password breach is worth a few seconds of extra verification.

This gallery includes steps to help you enable two-factor authentication in six important cloud services. Do it now.

Published: September 26, 2014 -- 11:00 GMT (04:00 PDT)

Caption by: Ed Bott

1 of 7 NEXT PREV

Related Topics:

Cloud Google Digital Transformation Data Centers CXO Innovation
Ed Bott

By Ed Bott for The Ed Bott Report | September 26, 2014 -- 11:00 GMT (04:00 PDT) | Topic: Cloud

Show Comments
LOG IN TO COMMENT
  • My Profile
  • Log Out
| Community Guidelines

Join Discussion

Add Your Comment
Add Your Comment

Related Galleries

  • 1 of 3
  • Azure Synapse Analytics data lake features: up close

    Microsoft has added a slew of new data lake features to Synapse Analytics, based on Apache Spark. It also integrates Azure Data Factory, Power BI and Azure Machine Learning. These ...

  • Linux turns 29: The biggest events in its history so far

    A year by year summary of the most significant events in Linux's history to date.

  • Top programming languages, 5G worries, cloud computing, and more: Research round-up

    All the facts and figures that matter to you and your business from the past month in technology news.

  • IT spending, cloud computing, big data, virtual reality, and more: Research round-up

    All the data that matters to you from the past month in technology news.

  • Provision a WordPress site in 30 minutes or less using Amazon AWS Lightsail

    Amazon's AWS can be daunting in terms of its almost overwhelming complexity. But Lightsail makes it easy. In this tutorial, we'll show you how to create a full WordPress install in ...

  • Julia programming language, cloud computing, cybersecurity worries: Research round-up

    All the facts and figures that matter to you and your business from the past month in technology news.

  • How Microsoft lost its monopoly in web browsers

    At the dawn of the Internet age, Microsoft used every trick it knew to dominate the World Wide Web. That strategy worked for a few years, but aggressive antitrust enforcement and equally ...

ZDNet
Connect with us

© 2021 ZDNET, A RED VENTURES COMPANY. ALL RIGHTS RESERVED. Privacy Policy | Cookie Settings | Advertise | Terms of Use

  • Topics
  • Galleries
  • Videos
  • Sponsored Narratives
  • Do Not Sell My Information
  • About ZDNet
  • Meet The Team
  • All Authors
  • RSS Feeds
  • Site Map
  • Reprint Policy
  • Manage | Log Out
  • Join | Log In
  • Membership
  • Newsletters
  • Site Assistance
  • ZDNet Academy
  • TechRepublic Forums