Sunday, April 12, 2015

Enable Two-step verification for your Naver account

Today I'll walk you through a brief tour of enabling two-step protection on your Naver account.

Two-step verification, or Two-factor authentication (i.e. getting a code on your phone to sign-in), adds an important layer of security to your account. I have this set-up on my Google account. I didn't notice this until recently, but Naver (네이버) also lets you enable this security feature, though they refer to it as OTP. With all the hacking stories out there, it's useful to "set it and forget it." It's pretty simple if you're already familiar with 2-step authentication, with one main difference: the Naver app itself is used for generating the codes. But we'll get to that.

Creating a Naver Account
The brilliant thing is that 90% of all this process can be done in English. Creating a Naver account and editing all major account settings on Naver can all be done in English (and Chinese), even though most Naver function beyond that are only in Korean. No Alien ID Numbers (외국인 등록 번호) or passport numbers are needed; but you will need a mobile phone to receive a verification code. I was required to enter a Korean (+82 prefix) phone number, but when signing-up from abroad, you can choose from an international country drop-down list.


Enabling the Protection
Once you've created your Naver account (and it really is super simple), we can enable the Two-step verification.

While logged in, click 내정보 ("My Account") circled above.

From there, all your settings will be in English. Click over to the "Security" tab and scroll down to "OTP Sign-in (2-step Verification)". You might also want to take this opportunity to enable some of the other security features on this page.

The process is pretty straight-forward. You'll be taken first to an introductory information page.

The main difference between Naver's OTP and that of other services (like Google's) is that the codes will be generated within the Naver App itself, not using a seperate stand-alone app (like Google Authenticator) nor by SMS text messages. That last fact is strange, considering that Naver will use an SMS message code to verify your phone number here. Why not just have an SMS option for receiving codes?

Part of the reason may be this:
The malicious application attacks a smartphone to steal personal information in the phone by pilfering authentication SMSs when the person uses an e-commerce payment service. [Korea Bizwire]

Note also here that the phone number you use here does not have to be the same number associated with your account (the number you gave when signing-up with Naver). For example, I didn't want to install the bloated Naver app, so here I used the number of a family member who does have the app. It worked just fine, though of course I'll need that person's phone when logging-in on an unknown/untrusted computer. Input the number, Naver will send you an SMS code, and input that code here.

Now it will tell you to install the Naver app (Android - iOS) to your phone, if you haven't done so already.

Now it's time to get the code from the app and input it here. For this step, you'll need to put both the one-time code, and the app's serial number. In the future, you'll only need the one-time code.

If you're not sure where to get this code, I'll show you now.

 Open the Naver app on your phone, tap the three-line "hamburger menu", and go down to 앱 설정 ("App Settings").

Tap the second item "네이버 OTP".

Here is your OTP code. You can do this each time you want to log-in to Naver on a new/untrusted computer.

Now back to the set-up:

Assuming you input the code correctly, you'll reach a penultimate page asking you to choose a back-up email address.

And finally, take a look at the number and email to make sure everything looks good. If you're ready, click "Confirm" and you'll now be required to enter the code when logging in.

This is the screen you'll be presented with, from now on, after entering you Naver ID and password.
This could be really annoying to do every single time, so don't be a chump. If you're on your personal computer, just be sure to click the "Stay OTP Signed in" checkmark button before entering the code, and you won't need codes for that computer anymore. Set it, and forget it. Enjoy the peace of mind of knowing that no other computer will be able to log-in as you.


Hopefully you found this guide helpful. Though, of course, nearly the entire process was in English so really such a guide is a bit unnecessary. Personally, that makes me glad, that Naver expands their English offerings. Naver's services really are useful and powerful; not just "Korean Google". I think they could see a lot of expansion and growth by supporting even just a few foreign languages (English / Chinese / Japanese). As I wrote before, Naver Dictionary and Naver Translate can be used fully in English. Let's hope more Naver services continue to become multi-lingual.

No comments :

Post a Comment