Pinterest Helps Normalize Security With Two-Factor Authentication, Other Features

We know: Pinterest coverage isn't something you expect to see on Tom's Hardware. But when such an important company improves its security by introducing two-factor authentication, it's worth noting, especially when it has the potential to help normalize a much safer login method.

Two-factor authentication combines the common username-and-password combo with another code generated by an app like Authy, a physical device like YubiKey, or a company's servers. The idea is to combine a semi-permanent authentication mechanism (username-password) with something more ephemeral. That should prevent anyone from gaining access to an account by obtaining or guessing the associated login credentials.

These systems aren't perfect--someone can steal codes, for example--but it's far more secure than single-factor authentication. It's also more arduous. Having to generate and enter a code every time you want to sign in to a service is far less convenient than typing your username and password. Many companies believe the bolstered security outweighs the hassle, though, so they add support for two-factor authentication.

Pinterest joined those ranks today. The company announced that it will roll out two-factor authentication support to all users "over the next few weeks." It works just like you'd expect--you enable two-factor authentication, decide if you want codes to be generated via an app or sent to you via SMS, and enter those codes when you sign in to your account. Many other services, like Facebook and Twitter, operate in the same way.

Two-factor authentication support isn't the only security measure Pinterest announced. The company also said that its users will now be able to view all the devices connected to their account and remove any devices they don't recognize. Pinterest will also email users whenever it detects a login from a new device or location. If the login is fraudulent, Pinterest users will be able to reset their account passwords.

These features have become increasingly common, but they aren't yet ubiquitous. That creates two problems: It makes people think features like this are unnecessary, and it means companies aren't securing user information as well as they should. Pinterest's decision to help normalize these mechanisms by introducing them to its 175 million monthly active users--and to make all those people a little safer--is nothing to sneeze at.

It's worth noting, however, that Pinterest's two-factor authentication support is optional. You don't have to secure your Pinterest account this way; you could just keep using the same old username and password. Security tools are at their best when they're enabled by default instead of offered as optional features, but still, it's better to have the option available than it is to be stuck with sub-par security on a massively popular service.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.