Tiller takes security seriously. We strongly encourage everyone to use 2-Step Verification when logging into their Tiller console.
A major reason we use Google sign-in for authentication is its support for 2-Step Verification. This feature is also called:
- Multi-factor authentication
- 2-Step Verification by Google
- 2-step Verification or multi-factor authentication by Microsoft for Office 365
- Two-Factor Authentication (2FA)
- Two-factor authentication by Apple
“2-Step Verification is ‘like a double security door — if a thief unlocks the first one, he’s blocked by another.’” – auth0.com
How it Works
2-Step Verification means that you’re the only person who can sign in to your account, even if your password has been stolen or compromised.
Here’s how it works with Google sign-in:
- If you’re coming from a third party like Tiller, click the “login” or “Sign up with Google” button.
- A new window will open.
- You’ll enter your Google password as usual.
- You’ll then be prompted for an additional way to sign in along with your Google password.
- A one-time code will be sent to your phone via text, voice call, or our mobile app. (Or, if you have a Security Key, you can insert it into your computer’s USB port.)
It’s important to note that with 2-Step Verification, you’ll always be required to have “something you know and something you have” – your password and your phone or another device that can receive text messages with the confirmation code (such as an iPad).
- More on 2-Step Verification with Google
Surprisingly, 2-Step Verification is still a missing feature on many personal finance apps.
You can see if 2-Step Verification is supported by your financial apps by checking Twofactorauth.org (though their listing is spotty and may be out of date).
- Services that require login with Google or Microsoft (like Tiller) support 2-Step Verification.
- Services that require login + unlocking a device with a thumbprint or face scan (like many banking apps) also support 2FA.
Bonus: Use the Password Checkup Chrome Add-on from Google
The Password Checkup add-on from Google helps you resecure accounts that were affected by data breaches.
“Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well.”
If you use Chrome, get it here.