15 March 2014

My New Site to Demand Two Factor Auth Support

About a month ago I was going through the process of looking for a new domain registrar to transfer my domains to. My number one criteria was a secure registrar.

Although I don’t own a rare Twitter handle, it was scary to think about how the extortion of Naoki Hiroshima was possible just because of a lost domain name.

Although GoDaddy does support two factor auth, if Naoki hadn’t been using it for PayPal, his PayPal account would have been compromised as well.

I did a Google search for a list of sites with two factor auth and the results were pretty dissatisfying. The first result was a website with a huge list of sites that was barely usable.

This gave me an idea for my next mini-project.

A Quick Explanation

Now if you don’t know what two factor auth is, basically the idea is that it gives you a second way to verify that you are you. The key is that this value doesn’t reside in your head or stored on a sticky note next to your monitor.

Instead the value is given to you (either through cryptographic means or through a text/SMS). You then take this value and put it into whatever service you are logging into.

Thus this gives a “second” factor to verify yourself by and giving you more security.

TwoFactorAuth.org

First, check it out here: TwoFactorAuth.org

In the last 24 hours, I’ve spent the time creating a very simple website that has a list of all the most common categories of websites like social media, finance, email, etc. Then under each category there is a list of the most common websites and whether or not they support two factor auth.

In addition to this, it provides a Twitter button that allows you to Tweet out to the companies to demand that they support two factor auth. While it may be a bit passive aggressive, it is a simplified version of the late Aaron Swartz’ idea for his website, DemandProgress.

My Goal

I am a strong proponent for individual security and awareness. I hope that this website will give a single place to go when determining alternative services based on the care and engineering they have in place for their customers.

If every website that ends up on TwoFactorAuth.org ends up in the green and my website becomes pointless, then that is only a success in my vision.

Here’s to hoping that more sites will put the security of their customers first and invest in two factor auth.

Open Source (of course)

Oh and lastly, the best part is that it is open source so you can add any website to it you want. Just head over to the GitHub repo and make a pull request.

You're awesome for reading this. Follow me on Twitter.