two-step
Latest
Evernote two-step verification now available for Premium and Business users
Three months after a major database hack, Evernote has finally made good on its promise to implement two-factor authentication as an additional precautionary measure. Following the footsteps of other security-conscious companies, the technique requires not just your username and password, but also a six-digit code provided either via text message or an app like Google Authenticator. Further, you can print out a list of backup codes in case you don't have your phone handy. Premium and Business users will be the first to get this functionality -- they'll be treated as a test group for feedback. Once the system is optimized for a wider audience, it'll be offered to all users. Other apps in the Evernote clan, including Skitch, Penultimate and Evernote Food will need to be updated and certain third-party apps might need to be given their own dedicated passwords as well. Aside from the double-step verification, Evernote has also introduced the ability to view your account's access history and a list of authorized applications; you can revoke any device from your account settings if necessary. All of these added layers of security are totally optional, of course, but you might want to set yourself a reminder to check them out.
Two-step verification starts rolling out for Microsoft accounts
Everyone else is doing it, so why not Microsoft, right? The company has been accused of playing the "me too" game in the past, but we're not going to complain when the the end result is better security. As we learned from a leak last week, Redmond will begin enabling two-step verification for Microsoft accounts. The switch will get flipped for everyone over the next few days and, with email, Xbox Live and Skype (just to name a few) associated with the service formerly known as Live, it's never been more important to keep it locked down. (Especially when others are learning this lesson the hard way.) The two-factor gateway is purely opt-in, except where it's already been required: editing credit card information and accessing SkyDrive from a new computer. There's even a dedicated authenticator app for Windows Phone 8, which works whether or not you've got an internet connection. There's loads more detail at the source and you can check to see if the feature has been turned on for your account at the more coverage link. And if you can, we strongly suggest you turn it on. Like, now.
Microsoft leak details plans for two-step authentication process
Smoke goes up. Lights fade. The crowd roars. It's 2003, and the Dave Matthews Band is about to perform what would go on to become the theme song for security processes the world over a decade later. Weird visualizations aside, it sure seems as if two-step authentication has become all the rage these days. With Google implementing the process in 2011, both Apple and Dropbox have followed, and Evernote has made clear that it's going to join the fray as soon as feasible. Now, leaked imagery is demonstrating that Microsoft might not be far behind, with a two-step verification process evidently planned for its online services. As you'd expect, the process should work pretty simply once it's instituted -- you'll need to enable two-step on your account, and then use an app on your mobile device to retrieve randomized keys when logging into a computer that's not on your trusted device list. Notably, the process isn't expected to work with linked accounts, and while a Windows Phone app appears to already be floating about, there's no word on whether Android, BlackBerry or iOS users will receive the same courtesy. Till then, keep your passwords guarded. And, of course, watch the video embedded after the break.
Apple brings two-step verification to iCloud and Apple ID users
It's been a strong selling point from Google for security-minded users, and now Apple has finally come on board with a two-step verification process for Apple ID and iCloud users. Not surprisingly, the system works much the same as with Google and others: you first need to enable it on the Apple ID website, then you can use your mobile device to receive verification codes as needed (either via text message or the Find my iPhone app) to sign into various Apple services. You can also stash a recovery key away in the event you lose or are locked out of your phone. In our testing, it appears that the functionality is slowly rolling out to US-based users, but in practice, the changes aren't actually sticking. We're hitting plenty of time-outs, and even after registering a device, we're noticing that the verifications aren't sticking within the Apple ID account. If you're running into issues, you may want to just wait as Apple irons out the kinks.
