2-Step Verification and Financial Security With Tiller
Tiller takes security seriously. We strongly encourage everyone to use 2-Step Verification when logging into their Tiller console.
A major reason we use Google sign-in for authentication is its support for 2-Step Verification. This feature is also called:
- Multi-factor authentication
- 2-Step Verification by Google
- 2-step Verification or multi-factor authentication by Microsoft for Office 365
- Two-Factor Authentication (2FA)
- Two-factor authentication by Apple
“2-Step Verification is ‘like a double security door — if a thief unlocks the first one, he’s blocked by another.’” – auth0.com
How it Works
2-Step Verification means that you’re the only person who can sign in to your account, even if your password has been stolen or compromised.
Here’s how it works with Google sign-in:
- If you’re coming from a third party like Tiller, click the “login” or “Sign up with Google” button.
- A new window will open.
- You’ll enter your Google password as usual.
- You’ll then be prompted for an additional way to sign in along with your Google password.
- A one-time code will be sent to your phone via text, voice call, or our mobile app. (Or, if you have a Security Key, you can insert it into your computer’s USB port.)
It’s important to note that with 2-Step Verification, you’ll always be required to have “something you know and something you have” – your password and your phone or another device that can receive text messages with the confirmation code (such as an iPad).
- More on 2-Step Verification with Google
Surprisingly, 2-Step verification is still a missing feature on many personal finance apps.
You can see if 2-Step Verification is supported by your financial apps by checking Twofactorauth.org (though their listing is spotty and may be out of date).
- Services that require login with Google or Microsoft (like Tiller) support 2-Step verification.
- Services that require login + unlocking a device with a thumbprint or face scan (like many banking apps) also support 2FA.
Read more: 4 Simple Steps to Securing Your Online Financial Accounts
Bonus: Use the Password Checkup Chrome Add-on from Google
The Password Checkup add-on from Google helps you resecure accounts that were affected by data breaches.
“Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well.”
If you use Chrome, get it here.
2 Comments
What about bank accounts requiring two-step authentication? I’m talking about accounts I add to Tiller. Is there a way to flag Tiller as trusted (much like a browser on a particular computer) so that I don’t have to constantly (every day or every time I refresh accounts) go through the two-step process for each of my accounts in Tiller? I don’t want to turn off two-step authentication on my bank accounts (some require it now anyway). This is a huge showstopper issue for many financial management tools.
We encourage you to use two-factor authentication (2FA) whenever available for your financial accounts. Even with 2FA enabled, it’s still possible to connect those accounts to your Tiller sheet. That said, it is true that your bank’s security code will expire after a certain period of time (varies by institution) and you’ll need to re-authenticate to keep data flowing into your Tiller sheet. Right now, we don’t have a way to flag Tiller as a trusted device in the way you’ve described. We’ve heard reports from some customers that they have had some luck reducing the re-authentication frequency after working directly with their bank’s tech support, though this seems to be the exception, rather than the rule.