Two-Steps Verification

Two-Steps Verification is also known as two-factors authentication, which is a process of adding an extra layer of security to your account. Two-Steps Verification requires something you know (your login password) and something you have (a mobile to receive the code). This will provide more security to your email, since the “authentication code” is generated continuously. Google, for example, provides two-steps verification either via a text message to your phone or via the “Google Authenticator” application.

Google authenticator is a mobile application that generate one-time password every 90 seconds. This application will allow you to generate the two-steps verification codes on your smartphone (network connection is not required).

 

Remember: Google authenticator can be used to generate verification codes instantly to sign in to your Google application accounts; along with the ability to implement one-time passcode generators for several mobile platforms.

Note: the services of the two-steps verification is implemented via the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP).

 

This link provides more information about two-steps verification and other alternative techniques to access your email.

More information about how to setup Google Authenticator.

Advertisements

Computer Security Terms and Definitions

  • Confidentiality – Is a term in which to ensure that the data should be only read (readable) to/by the authorised people. For example, Cryptography and Encryption methods are an example of an attempt to ensure confidentiality of data transferred from one computer to another.
  • Integrity – This term is given to the data that must not be changed in transit; and the taken steps must be implemented to ensure that data cannot be altered by unauthorised people. In another word, it is the ability to ensure that the data are accurate and unchanged representation of the original secure information.
  • Availability – Is the fact that ensures the system components (Hardware and Software) are available and authorised to people when they need it (at all time). For example, a particular search engine is trying to ensure that their web/services are available (Still running).
  • Accountability – Is the traceability of actions performed on a system, in order to prove if a person did something wrong (with knowing the who did that).
  • Non-repudiation – Is the fact of proving something without denying it. For example, if a person misses with the system, that person cannot deny it.
  • Accessibility – Is the fact that ensures the system components (Hardware and Software) are accessible and available to certain people when they need it. For example, the same search engine’s admin should ensure that the web/services are available (Still running) and accessible to authorised people.
  • Authentication – Is the fact of proving who you say you are (or who he/she claims to be).
  • Authorisation – Refers to the rules that determine who is allowed to do what. For example, Mike (Admin) may be authorised to create and delete databases, while Tom (User) is only authorised to read.

 

Note: In computer security CIA does not refer to Central Intelligence Agency, but it does refer to Confidentiality, Integrity, Availability or Authentication. Some people say the letter “A” refers to the big “A”, which means that it concludes everything that starts with the letter “A” such as, Accountability, Authorisation, Authentication, Accessibility and more.