Two factor authentication

Back in August I wrote about how to enable two-factor authentication across many web sites. Well, at the time, this was Google, Yahoo!, Facebook and, although Dropbox was working on it.

I’ve now updated that blog post. Dropbox has now launched two-factor authentication, and I’ve been able to add Microsoft, Apple, WordPress and to that list. This means that most of the big sites that lots of people use support it, and that geeks like me who don’t mind the extra step should be able to keep our accounts more secure.

There are, however, a couple of notable absences:

Update: Both Twitter and Evernote have enabled two-factor authentication within two weeks of this post being written.


Twitter is actually quite lax on security. By default, you can instigate a password reset for someone by simply entering their username (which is public); you have to go into your settings to force Twitter to require your email address or phone number. And the stakes are high – the ‘Syrian Electronic Army’ has been hacking many Twitter accounts lately, including that of the Associated Press, which caused a brief stock market wobble, although their attack method seems to be simple social engineering tactics.


Evernote had a major security breach in March, which saw every user’s password being reset. I seem to recall Evernote stating that two-factor authentication was on the cards, in case such a thing happened again, but there haven’t been any updates since.

I hope that Evernote and Twitter follow the leads of others and improve the security of their accounts soon. There are people with a lot of time and reputation invested in their user accounts who can’t afford to lose them.

