Skip to main content

Not sure what two-factor authentication is? We're here to help

What 2FA is, why it's important, and why you should use it.

You see a lot of talk on the internet about two-factor authentication (or 2FA as it's commonly called), and most of the time, you just see people like us telling you to use it.

We'll continue that trend and start this guide by telling you to use 2FA whenever and wherever you can. However, we're also going to let you know what it is and why you must use it. Ready to learn more? Read on.

Lock it down

Yubico Yubikey 5 NFC

$45 at Amazon

Keep your accounts extra safe with a physical 2FA key

Everyone should be using two-factor authentication (yes, you!), and one of the best ways to start is with the Yubico Security Key. This USB key fits in any USB-A port and securely saves 2FA login codes for your Google, Facebook, Dropbox, and other online accounts. It's also extremely durable and can be attached to a key ring for easy transportation.

Jump to:

What is two-factor authentication?

To put it in simple terms, two-factor authentication (2FA) means that you need to present two different things from two different sources that prove who you are. Generally, three different ID types can be used for 2FA purposes when it comes to online accounts:

  • A thing that only you should know. A password, PIN, account number, your street address, or even the last four digits of your Social Security number fit the bill here.
  • A thing that you can hold in your hands. This means your phone, an authenticator fob, or a USB security key.
  • A thing that is part of you, like your fingerprint, retina pattern, or voice pattern.

When you have 2FA enabled on an account, you need two of these three things to get access.

You've been using 2FA all along and probably didn't realize it.

You've been using 2FA for most of your adult life. The companies who process credit card payments for online retailers usually force you to enter the three-digit code on the back of your credit card as well as the card number, then need you to provide the billing address. The numbers on the card (both front and back) are a way to make sure you have the card in your possession for the first method of authentication, then the address you provide has to match what the card issuer has on file as a second way to prove who you are. That's 2FA.

Back when the world still used checks to pay for things, most businesses wanted two forms of physical ID from a well-recognized place like your state DMV or school as a way to make sure you are the person whose name is on the top of the check. That's also 2FA. Plus, to get those IDs usually requires multiple things from different places to prove who you are.

Using 2FA for your online accounts is a little bit different but still uses the same principle — if you can provide more than one method to prove who you are, you probably are who you claim to be. For an account like Google, Facebook, or Amazon, you need to supply a password. Your password is something only you should know, but sometimes other people can get hold of it. When you add a 2FA requirement — like an authentication token sent to your phone or a something like the Google Titan security key you plug into your computer — a password is no longer enough to get into your account. Without both pieces of authentication, you're locked out.

Do I still need a strong password if I use two-factor authentication?

With all the various online services at your disposal, it's important to have a unique password for every single one of them. Duplicate passwords open you up to being potentially hacked in the event that someone gets ahold of one password and then tries to use it at different sites. It's impossible to keep all of your passwords stored in your memory, and that's where password managers come in.

The great thing is that password managers have evolved so much that many of them offer additional features that are not only useful but continue to keep your information confidential. For example, 1Password is currently our favorite password manager due to its ease-of-use. But the app can also act as a 2FA authenticator after everything has been set up. The code refreshes on a regular basis and is much more secure than relying on SMS messages for authentication.

Password managers are great tools for ensuring you have a lengthy and unique password for all of your online accounts, but a strong password isn't a good enough excuse to ignore two-factor authentication and not use it. Just about any password can be hacked if someone is persistent enough and has the right amount of computing power, but bypassing 2FA through a dedicated app or security key is virtually impossible unless you have access to that physical device.

As such, it goes both ways. Just because you use two-factor authentication, you should still have a strong password. Similarly, you still need to use two-factor authentication even though you have (what you think is) an un-hackable password.

Is two-factor authentication secure?

Yes and no. Using 2FA on an account is a lot more secure than not using it, but nothing is perfectly secure. That scary thought aside, using 2FA is usually sufficient protection for your "stuff" unless you're a high-profile target or really unlucky.

Using 2FA is usually sufficient protection for your online accounts and services.

On the positive side, if you're using 2FA and some fake phishing email manages to get you to supply your password, they still can't log into your account. The way most people use 2FA for online accounts is to have a token sent to an app on their Android phones, and without that token, the email scammer isn't going to have any luck getting access. They will enter your account user name or ID, then the password, and then they need to supply that token to go any further. Unless they have your phone, the work involved in bypassing the second ID requirement is enough to get the bad guy to say "forget it!" and move to someone else.

On the other hand, if you're someone like the President or Mick Jagger, people are going to want to get into your accounts, and there are ways. The communication between the people supplying the authentication token and your phone is safe for the most part, so attackers go after the website or server asking for the credentials. Very clever folks can hijack auth tokens and cookies, and as soon as one method gets patched, they start looking for another. This takes a lot of knowledge and hard work, which means that the result has to be worth it all. Chances are you and I aren't worth the trouble, so 2FA is an excellent way to secure our accounts.

How do I use two-factor authentication?

It's easier than you might think!

Setting up 2FA on an account is a three-step process. You need to provide your current credentials by typing in your password again (this helps keep someone else from adding it to your account), even if you're currently logged into the service. Then you go into the account settings and enable 2FA on your account. This lets the server know you want to enable it, and it'll ask what kind of authentication you will be using — most common are codes sent to your phone as an SMS message or through an authenticator application. Finally, you affirm the change by supplying a token back to the server. If you're using an app, this might be a barcode you have to scan or manually enter some information into the app. If you chose to use SMS, a code will be sent that you need to enter on the website to finish things up.

That last step happens when you want to log into that account again. You'll enter a username or ID, then a password, and then be asked to supply an authentication number. That number is sent as an SMS, for example, or in the app on your phone if you decided to go that route. You type that number into the text field, and that's it! You have access.

Most services will store an authentication token on your phone or computer, so you won't have to resupply the code the next time you want to log in. However, if you want to set up access from another place, you'll need a code. While the process is practically the same regardless of whether you're setting up 2FA on your Google account or just trying to keep your Amazon payments safe and secure, there are a few differences here and there.

Something else we hear about all of the time is that various Twitter accounts end up getting hacked and those accounts start tweeting out some weird stuff. With a platform as large as Twitter, it's extremely important to make sure you have 2FA set up, along with changing your password on a regular basis.

Why is two-factor authentication so important?

In a world that's constantly becoming more connected with new security and privacy issues popping up just about every day, it's important that everyone out there takes the necessary precautions to protect their online presence as much as possible.

Two-factor authentication is not 100% foolproof, but it adds a significant security layer that can keep unwanted eyes and hands off your data. And when you combine using a password manager with two-factor authentication, you have a better chance at thwarting anyone from getting ahold of those precious logins.

It might be annoying at first to deal with entering your 2FA codes when logging into your online accounts. Still, the extra couple of seconds this takes is well worth the added protection that two-factor authentication provides.

Lock it down

Yubico Yubikey 5 NFC

$45 at Amazon

Keep your accounts extra safe with a physical 2FA key

Everyone should be using two-factor authentication (yes, you!), and one of the best ways to start is with the Yubico Security Key. This USB key fits in any USB-A port and securely saves 2FA login codes for your Google, Facebook, Dropbox, and other online accounts. It's also extremely durable and can be attached to a key ring for easy transportation.



Source: androidcentral
Labels:

Popular posts from this blog

The hidden cost of food delivery

Noah Lichtenstein Contributor Share on Twitter Noah Lichtenstein is the founder and managing partner of Crossover , a diversified private technology fund backed by institutional investors, technology execs and professional athletes and entertainers. More posts by this contributor What Studying Students Teaches Us About Great Apps I’ll admit it: When it comes to food, I’m lazy. There are dozens of great dining options within a few blocks of my home, yet I still end up ordering food through delivery apps four or five times per week. With the growing coronavirus pandemic closing restaurants and consumers self-isolating, it is likely we will see a spike in food delivery much like the 20% jump China reported during the peak of its crisis. With the food delivery sector rocketing toward a projected $365 billion by the end of the decade, I’m clearly not the only one turning to delivery apps even before the pandemic hit. Thanks to technology (and VC funding) we can get a ri
Read more

Cyber Monday Canada: Last-minute deals for everyone on your list

Best Cyber Monday Canada deals: Smart Home Audio Phones, Tablets & Accessories Wearables Laptops & PC Components Amazon products Gaming Televisions Cameras Lifestyle & Kitchen Toys & Kids Cyber Monday Canada is here, and retailers are rolling out the red carpet for customers who want to shop for everything from tech to kitchenware to games and everything in between. Unlike years past, Cyber Monday Canada deals look a bit different than normal. Instead of retailers trying to pack their stores with as many shoppers as possible, we're seeing tons of online deals that you can take advantage of from the comfort of your home. We've rounded up our favorites below, so feel free to browse through the best of what Canada Cyber Monday has to offer! This list is being updated with new Cyber Monday deals all the time, so check back often. Spotlight deals It's a Switch Nintendo Switch Fortnite Edition bundle $399.95 at Amazon It's a Switch.
Read more

iPhone 13 Pro vs. iPhone 15 Pro Buyer's Guide: 50+ Differences Compared

The iPhone 15 Pro brings over 50 new features and improvements to Apple's high-end smartphones compared to the iPhone 13 Pro, which was released two years prior. This buyer's guide breaks down every major difference you should be aware of between the two generations and helps you to decide whether it's worth upgrading. The ‌iPhone 13‌ Pro debuted in 2021, introducing a brighter display with ProMotion technology for refresh rates up to 120Hz, the A15 Bionic chip, a telephoto camera with 3x optical zoom, Macro photography and photographic styles, Cinematic mode for recording videos with shallow depth of field, ProRes video recording, a 1TB storage option, and five hours of additional battery life. The ‌iPhone 13‌ Pro was discontinued upon the announcement of the iPhone 14 Pro in 2022, but it is still possible to get hold of it second-hand. Our guide helps to answer the question of how to decide which of these two iPhone models is best for you and serves as a way to c
Read more

Slack’s new integration deal with AWS could also be about tweaking Microsoft

Slack and Amazon announced a big integration late yesterday afternoon. As part of the deal, Slack will use Amazon Chime for its call feature, while reiterating its commitment to use AWS as its preferred cloud provider to run its infrastructure. At the same time, AWS has agreed to use Slack for internal communications. Make no mistake, this is a big deal as the SaaS communications tool increases its ties with AWS, but this agreement could also be about slighting Microsoft and its rival Teams product by making a deal with a cloud rival. In the past Slack CEO Stewart Butterfield has had choice words for Microsoft saying the Redmond technology giant sees his company as an “existential threat.” Whether that’s true or not — Teams is but one piece of a huge technology company — it’s impossible not to look at the deal in this context. Aligning more deeply with AWS sends a message to Microsoft, whose Azure infrastructure services compete with AWS. Butterfield didn’t say that of course
Read more