In an effort to thwart large-scale account compromises many online resources now offer "Two-Step Authentication" in addition to their traditional login authentication models.

Most major banks now offer this to their online customers as do most of the major tech' power houses (Google, Microsoft et al) when authenticating to their services. Usually it's buried pretty deep in your account settings, but with large-scale compromises becoming more common "Two-Step Authentication" is slowly (until we have efficient and reliable biometric authentication), becoming the norm'.

One nifty little app' that Google have (available for both Droid in "Google Play" and iOS in the "App Store") is called Google Authenticator. At the heart of it is a Time-based One-Time Password (TOTP) token system.


Using the advanced two-step authentication settings of Microsoft, Google and other your other online services, you are able to establish a connection between your device (the application) and your online service using a traditional QR code. Now, when logging into your online service of choice, not only will you have to authenticate with a traditional password but also the TOTP token displayed in Google Authenticator on your mobile device.

Also, don't worry if your device is lost or stolen. You can revoke a devices access to Google Authenticator by removing those privileges in your online account settings for each particular service.