Anytime you log into an account on a website you’re providing proof that you are who you say you are by passing an authentication test. Most websites rely on only one method to confirm a user’s identity via a username or email address and password. Websites with a need for stronger security such as banking sites, and now the Nextpoint web applications, require you pass a more rigorous confirmation process.
Two Factor Authentication increases security by using two identification classes to determine that you are who you say you are. The first identification test we use is something you know: your password. We haven’t changed anything about our initial login process, you’ll still need to enter your email or user name and password.
If you pass the first authentication test and we recognize the device you’re connecting with, your login is complete. However, if you pass the first test and you haven’t authorized your computer you’ll be directed to a device verification page.
Here you’ll have to complete our second step in the authentication process. You’ll need to use something you have: access to your email account. When we don’t recognize your device, you are automatically sent an email containing a time sensitive PIN which you’ll use to complete authentication and authorize your device.
The PIN in the email expires shortly after it’s been sent, so make sure you use it in a timely fashion. If you don’t enter the PIN within the time constraints, you can always request a new one from the device verification page. An added benefit of the automated new device email is that you’ll know right away if your account has been compromised.
If you’re an existing user, we’re providing a quick and easy way to postpone activating this new feature, just click on the ‘postpone until later’ link on the device activation screen and ignore the Device Activation email in your inbox. You’ll push back activating two factor authentication, and will continue logging in just like you’re used to. You’ll be presented with the New Device Verification page again in two weeks. Once you activate one device, two factor authentication will automatically be enabled for your account. Users created after May 26, 2011 will not be able to defer this feature.
We’re also providing you with a history of your most recent logins, where you’ll be able to see data about your login and which devices you’ve logged in with.
Why are we doing this? We want to make sure that your data is secure even if someone steals your password. Two factor authorization is an extra step for you to log in, but it’s a much bigger obstacle for someone to maliciously access your data.
Read Full Post »