You've probably heard about 2-Step or 2-Factor authentication and are wondering what it is and why we would want to use it.
You may not realize it, but you've been using 2-Step authentication all along. Your ATM card is a part of the 2-Step authentication system. The two parts are your card and a PIN.
With Google 2-Step authentication, Google provides you with an authenticator app that installs on your mobile device*. You use it in addition to your email address and a password.
When you log in with Google 2-Step authentication, you need this authenticator app. It shows a new 6-digit code every minute that only you and Google can match. Because the code expires within that minute, a stolen code is of little use afterwards.
With BodyMapSnap's Google authentication integration, here is what happens:
1. Google gives us the confirmation that it is you who has signed on, based on your password and authenticator code.
2. Google makes sure that the request came from a Google-registered BodyMapSnap server (and not from a hacker's makeshift server).
Another big benefit is that your Google password is never seen by BodyMapSnap, so it's not possible for BodyMapSnap to leak your password.
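How both sides can arrive at the same short-lived code, shown as an added example that is not BodyMapSnap's or Google's own code: it implements the standard time-based one-time password algorithm (RFC 6238), assumed here to be the kind of scheme an authenticator app uses. The 60-second window follows the description above (the RFC's default is 30 seconds), and the secret is a constructed sample value.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: one code per minute, as described in the text
DIGITS = 6

# Constructed sample secret (the published RFC test key). In practice it is
# shared once at enrolment, typically via a QR code, and never sent again.
SHARED_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS,
         digits: int = DIGITS) -> str:
    """Code for the time window containing unix_time (RFC 6238 over HMAC-SHA1)."""
    counter = unix_time // step  # same value for every second in the window
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: int,
           step: int = STEP_SECONDS) -> bool:
    """Server side: recompute the current window's code, compare in constant time."""
    return hmac.compare_digest(totp(secret, server_time, step), submitted)


if __name__ == "__main__":
    phone_time = 30  # constructed timestamps, in seconds
    code = totp(SHARED_SECRET, phone_time)
    print("code shown on the phone:", code)
    # Same window: the server derives the same code without it being pre-shared.
    print("accepted at t=59:", verify(SHARED_SECRET, code, 59))
    # Next window: a code captured earlier no longer matches.
    print("accepted at t=60:", verify(SHARED_SECRET, code, 60))
```

Real verifiers usually also tolerate a small clock drift and refuse a code that has already been used once within its window.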
Why is it “quite a bit” more secure?
Imagine that you contracted some malware, your password was leaked worldwide, and remote hackers attempted to access your account. With 2-Step authentication, they still need your authenticator, which they are extremely unlikely to have.
To help you sleep even better though, Google now notifies you when there are any new sign-in activities.
2-Step verification is still not a panacea. Imagine someone you know has “borrowed” your phone, and with it the authenticator. If that person also knows your phone unlock code and your password, 2-Step verification won’t prevent access.
So, please keep up with your security by changing your password often, not using a password that’s easily guessed like your pets’ or children’s names, and making sure you set a lock code or use the fingerprint feature on your phone.
Now you know that 2-Step authentication gives you significantly better security for medical information handling, and why we have integrated it. Google also offers this technique free to everyone.
This is another way WinguMD provides better security for all your medical collaboration needs.
Not Ready for "2FA"?
You should change your password often, and to do that you should use a password manager. I used one (but that in itself is 2FA-enabled, since losing the one password for a password manager opens up all your passwords, which is a lot more dangerous!).
*I use another authenticator called Authy. If you start to use many other services that have 2-Step authentication, it is a lot more convenient.
In May 2018, I started to use a YubiKey. This is a bit more convenient. I just plug in a USB-based key and tap the button on the key. No code typing is needed.
Microsoft Authenticator is also better than Authy. Instead of typing in a number, you just tap from a choice of answers on your mobile. I use this to authenticate access to our Microsoft Azure cloud. If you are accessing Microsoft properties, this is highly recommended.