How to set up one-time passwords on Facebook and other online platforms

Your password alone is not enough to protect your online accounts. When your account details leak, such as in the case of the hacking of the San Beda University student portal, hackers will try to use the stolen credentials on other platforms such as Facebook, Google, Twitter or maybe even online bank accounts. 

If a victim is using the same username/email and password combination on another platform, the hacker gains access to that, and does more potential damage. 

One way to curb this is through the use of one-time passwords (OTP). If an OTP is active on an account, the online platform will ask for a secondary password after the hacker puts in a working email and password combination. The one-time password will be sent to either the email address or the registered mobile number of the victim. However, it may be safer to have the OTP sent to your mobile. If you happen to be using the same password on your email account, then there's a chance that the hacker will also be able to get access to that account. With your mobile number at least, it's with you physically – unless you've had it stolen, and you didn't put a PIN on it. 

Most online platforms today have the option for one-time passwords. 

OTPs are a form of two-factor authentication. There are also other ways that online platforms can give you a secondary layer of protection such as answers to questions only you may know and fingerprint scans. We're focusing on OTPs here. The steps are below for some of the more popular platforms. 

Facebook
  1. If you’re on a browser, click on the small arrow pointing down found at the top-right corner. If you’re on the mobile app, click on the hamburger menu (it's the one with 3 horizontal, parallel bars) also located at the top-right corner.
  2. Click or tap on "Settings."
  3. Tap "Security and Login."
  4. Scroll down to "Two-Factor Authentication," then click or tap "Use two-factor authentication."
  5. You’ll then be asked to choose to either receive the OTPs from a third-party authentication app or text messages. Choose the latter, and you'll be asked for the mobile number you want Facebook to send the OTP to.

If you choose to have OTPs via a third-party authentication app, Facebook will show you a QR code and an activation code. You need to download an authenticator app like Google Authenticator to scan the QR code or input the activation code. On Google Authenticator, simply tap the "+" button on the bottom right, which will give you the option to scan the QR or input the activation code. 

Once you finish these steps, you're done. 

Google
  1. Go to the Google Account page
  2. Once you’re there, click on "Security" on the left-hand side of your screen. It has a padlock icon beside it. 
  3. On the "Signing in to Google" panel, turn on "2-step Verification."
  4. Click "Get Started."
  5. You might be asked to enter your password again. On the next screen, select "Voice or text message." Input your mobile number, and then choose to have the OTP delivered to you by either a text message or phone call. 
  6. Google will send you a test OTP which you'll have to input to finish the process. 

Twitter
  1. If you’re on a browser, click on "More" located on the left-hand side of your Twitter screen. Meanwhile, if you’re on mobile, click on your icon. Then hit "Settings and Privacy." 
  2. On your account settings, click "Security." It’s below "Password," in case you miss it.
  3. Click "Two-factor authentication."
  4. You’ll be asked to choose one of 3 verification methods: text message, authentication app, or security key. A security key is a physical USB key you can purchase that lets you unlock your account on desktop. It's not an option yet for mobile log-ins. 
  5. Tick the box of your selected method, then follow instructions.

Instagram
  1. Go to your profile, then hit "Settings," which is represented by the cog icon. It’s found under the hamburger menu on the mobile app. 
  2. Click or tap "Privacy and Security," then "Two-Factor Authentication." 
  3. Now, hit "Edit Two-Factor Authentication."
  4. After that, you’ll find your two verification options: text message or an authentication app. 
  5. Tick the box of the option you want and follow instructions. 

Remember, setting-up two-factor authentication on your account doesn’t mean you’re going to be completely safe from any kind of cyberattack. You’ll be more protected, yes, but, you still have to remain vigilant on possible threats and avoid sharing your private information. Check your other online accounts as well for two-factor authentication and one-time password features. – Rappler.com

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.

image