In today's technological climate, most of us know not to use simplistic passwords for our computer, mobile or sites we visit, but no matter how many backslashes, capitals and numbers you put into it, there's always a chance that someone will figure out a way around it, which is often where two step authentication comes in. Unfortunately though, there's still a lot of companies out there that don't use it, which is why one man is trying to coerce more of them into doing it, by listing them right alongside those that do.
The site in question is TwoFactorAuth.org (2FA) and it hopes to persuade more companies to implement it, whether it's through Authy, Google Auth, SMS or a custom application – preferably all of them. Unsurprisingly Google is one of the better ones, only not offering a custom app option. Microsoft is right up there with it too with its Outlook service, offering SMS and Authy support, so is DropBox, GitHub, Coinbase and a few others.
However, perhaps worryingly, some of those offering no form of two factor authentication are financial institutions, including American Express, Citibank, Mint, Wells Fargo. and CapitalOne 360. League of Legends too, with its 50 million + player base doesn't offer any form of 2FA.
Social providers are some of the best implementers of 2FA
It's these sorts of companies that the creator of the site, Josh Davis, is hoping to help change their ways. As well as naming and shaming them though, he's made it very easy for people like you and me to ask these companies to turn over a new leaf. Next to the name of each company that doesn't support 2FA is a button that reads: “Tell them to support 2FA.” If you click it, it sends you through to Twitter, with this pre-written message:
“Security is important, @mint. We'd like if you supported two factor auth. http://twofactorauth.org #SupportTwoFactorAuth”
Though obviously it replaces @mint with whichever company you're looking to contact.
“Here's to hoping that more sites will put the security of their customers first and invest in two factor auth,” Davis said of the site, suggesting that the best news he could get would be for TwoFactorAuth to become redundant.
KitGuru Says: This seems like quite a decent campaign, though I feel like the second step would be to convince everyone to actually make use of Two Factor Authentication. I know I can be a bit lazy when it comes to sorting that on every site. [Thanks Wired]