Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":1448587,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"D"}']

Two-factor authentication: A good first step after Heartbleed

Yes, you should switch your passwords for services affected by the Heartbleed security vulnerability. But you can do better than that.

Some of today’s most popular web services let users enable a two-step, or two-factor, sign-on process that can apply an additional layer of authentication by asking for a code from a text message, a smartphone application, or a key fob.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1448587,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"D"}']

That looks like a brilliant idea now that lots of companies have fessed up about being affected by Heartbleed since media outlets and bloggers first hit their emergency alarms about it.

Grabbing a one-time password off a device other than the main one you’re using in order to log in won’t prevent all risks, but it can make the job harder for people looking to grab key information from you, Paul Ducklin of security vendor Sophos wrote in a post yesterday on company blog Naked Security.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

“[W]hile it wouldn’t have made heartbleed less of a bug, it would have made any passwords harvested by means of the bug much less useful, perhaps even useless,” Ducklin wrote.

Indeed, file-sharing company Box is encouraging people to set up two-factor authentication, following its introduction of the feature in 2012.

“If I could ask you to do one thing — turn on two-factor authentication today,” Box security director Joel de la Garza wrote in a blog post on Friday.

He went on to encourage people to use single sign on for Box, too.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More