What do you do when you want to access your Facebook account? After you type in the URL, you are required to type in your email address and password. When you hit “Enter”, you will be logged in to your Facebook account. This is how a lot of personal accounts work nowadays. All you need is a username and a password to sign in. However, this method of signing in is now considered outdated.

Websites such as Facebook, Twitter, and Google usually recommend their users to create a strong password, one that will make it difficult for other people to “guess” your password and access your account. For those of you using Facebook, you may recall times when your friends would post some weird link on your wall, telling you that good will happen if you access the link. Now, if you are a cautious web surfer, you would probably remove that wall post and ignore the link. However, if you are not, then you may be directed to some malicious website that can harm your computer by downloading viruses, spyware, malware, etc. In cases like this, your friends’ accounts have been hacked by an unknown outside user. Similar incidents can occur on other websites that involve social networking or Internet communication. People who use Gmail, Yahoo! Mail, or any type of webmail can inadvertently send spam to their family and friends, due to their accounts being hacked.

Sending spam and sharing malicious links is not the only thing that can happen should your online accounts be hacked. Social Networks such as Facebook are very popular targets for hackers. Why? Because Facebook users often put personal information about themselves on Facebook. Facebook does not require users to put their personal information on their profiles, but many people do nevertheless. The social network even offers privacy control for their users, limiting the amount of information that can shown to other Facebook users, but even this is not enough. Should a hacker find a way to access your account, the privacy settings are useless, and your personal information can be exploited to the hacker’s advantage.

So, is a username and a strong password good enough? Absolutely NOT! What can be done to improve the security of sign-ins? The answer to that is “two-step verification”. A couple of weeks ago, Google announced that it is enabling users to use a “two-step verification” process. Not only will users be required to enter in a username and a password, but they are also required to enter a special verification code that is sent to their cellphones. This is two-step verification, and it is available for all Google users.

Here’s how it works: after you type in your Google username and password, a special code will be sent to your cellphone via text message. Every time you log in, Google will send you a new verification code. After you type in your verification code, you can access your Google account. To activate two-step verification, simply go to your Google Account settings and turn on two-step verification. You will then be guided through a series of steps. Once you finish the setup, your Google account will require you to enter in the verification code every time you log in.

But what happens if you lose your cellphone? How do you get the verification code? When you activate two-step verification for your account, you will be required to enter in two cellphone numbers: your primary number, and a secondary one (like one of your parent’s cellphones). Therefore, even if you do lose your cellphone, you have a backup. If you don’t like the idea of entering in a different verification code every time, you have the option of having your home computer or notebook remember that verification code for 1 month. When that month is over, you will required to enter in another verification code.

Hopefully many of you Google users will use two-step verification. Our Cornell Google accounts currently do not have this feature, so don’t bother trying to turn on two-step verification for those accounts. If you have a regular Google account, then you can enable it. I am currently using it the two-step verification process for my Google account, and I think it is pretty cool. I certainly feel much safer every time I log in and out.