What is 2-factor authentication? As you understand the growing importance of securing your online accounts, it’s likely you’re hearing about 2-factor authentication (aka “2FA”) more and more. Here’s an explanation of what 2FA is and how you can effectively use it to increase your online security.
What is 2-factor authentication?
Two-factor authentication is a method by which an institution, website, social media platform or other application verifies your identity beyond the first step of using your password.
While you should already be using a secure password, 2-factor authentication is an added layer of security to make sure that even if somebody where to gain access to your password, they still wouldn’t be able to log into your bank, email or other account.
In short, it’s a very good security measure and one that I recommend you employ. I’m going to break this explanation down into three different parts:
- How 2-Factor Authentication Works [Video]
- Different Kinds of 2-Factor Authentication
- Where to Use 2FA Online
Below I’d like to give you an idea of how 2-factor authentication works and how you can start using it today.
Understanding 2-Factor Authentication [Video]
To begin, take a few minutes to watch this 4-minute video showing you exactly what 2-factor authentication is and how to set it up (in the video I use Facebook as an example).
Of course, you can just scroll down if you’d rather read through the information.
Get weekly online security tips when you subscribe to AllThingsSecured on YouTube!
Now, let’s take a moment to break down the most common types of 2-factor authentication being used today.
Different Types of 2-Factor Authentication
When you hear the term “2-factor authentication,” it may be a bit confusing at first. The reason is that this form of security is implemented in a number of different ways.
Let’s take a look at the most popular ways that companies are deploying 2-factor authentication:
1. Text Messages as 2-Factor Authentication
One of the most popular methods of 2-factor authentication is the text message.
Setting up text message 2FA requires you to give the company your phone number and allow them to text you a code when necessary.
Once enabled, text message 2FA goes like this:
- Sign into your account using your password. Instead of logging in, you’ll be directed to a page that asks for an additional code.
- A numeric code will be sent to your phone as a text message.
- When you receive the text, enter the code when prompted to get access to your account.
Unfortunately, text-based 2FA isn’t a fool-proof method of securing your accounts. A new attack known as “SIM swapping” hit even the CEO of Twitter in 2019.
2. Authenticator App for 2FA
Another popular – and frankly more secure – method of 2-factor authentication makes use of what are known as authenticator apps.
To set up, you’ll be required to download the app on your phone and scan a QR code. At this point, the process goes like this:
- Sign into your account using your password. You’ll be directed to a page that asks for an additional code.
- Open Google Authenticator and find the 6-digit code.
- Enter that code when prompted to get access to your account.
This method of account security is harder to hack. However, as with all security, there’s the added step of opening up another app on your phone and copying the numeric code before the timer changes it.
3. Security Keys for 2-Factor Authentication
The newest method of 2-factor authentication is the security key (see my look at the Google Titan Security Key).
While it’s common within tech companies to use security keys, it’s only recently become popular among the general public.
Setup for security keys is a bit more technical, but once complete, it makes life much easier. The process is simplified to look like this:
- Sign into your account using your password.
- As long as you have your security key on your keychain (for phones) or plugged into your USB port, you’ll immediately get access. No need for codes or additional steps.
In this scenario, nobody is able to log into your account unless they have both your password and your physical security key.
Again, no single method is foolproof, but it’s certainly the next step of added security for your important accounts, which I’ll detail below.
Recommended Uses for 2-Factor Authentication (TODAY!)
The 2-Factor Authentication method is being used by a growing number of companies including financial institutions, social media platforms and many other online applications.
You can find a comprehensive list of websites and apps that allow for 2FA, but for the sake of this article I’d like to give you a list of the most important areas where you should consider using 2-factor authentication today.
- Your Email: Set aside time to enable 2-factor authentication for email before it’s too late. This added layer of security is available for Gmail, Hotmail, Yahoo, Office 365 and many other popular email providers. If your email service provider doesn’t offer 2-factor authentication, honestly, it’s time to start migrating to a new email.
- Your Financial Institution: Unless you still live in the stone age, you probably manage your bank account online. All major banks allow – and even encourage – their customers to enable 2-factor authentication. Go into your security profile and set it up.
- Your Social Media Platforms: Whether you use Facebook, Twitter, Pinterest, Instagram or others, it’s possible to enable 2-factor authentication on all of them. The biggest hurdle is figuring out how to turn it on, which usually requires users to go into their account’s advanced settings.
- Wherever You Store Sensitive Data: Do you host websites? Do you upload documents to Dropbox or Evernote? Wondering if Google Drive is secure? Think about areas of your online existence where a stolen password could be a big problem. Most of the time, these services will offer 2-factor authentication. If they don’t, I suggest you find an alternative service.
- Wherever Available: Frankly, if 2-factor authentication is an option, you should use it. One of the things I love about my 1Password password manager, is that it alerts me if 2FA is available for a login and I haven’t already set it up.
Inconvenience is the New Standard of Security
Here’s a quick tip for you.
In a world where we value ease and expediency, inconveneince is the new standard of security.
What do I mean by that?
Well, if I’m really honest, I have to say that it’s quite inconvenient to have to wait for a text message or log into my Google Authenticator just so that I can check my account balance at my bank. It’s annoying when all I want to do is check my email on my computer.
The desire to eliminate those inconveniences is exactly what is going to make you vulnerable with your online security.
Yes, 2-factor authentication is inconvenient.
Hopefully, as the adoption of security keys grow, authentication will become much easier.
In the meantime, I highly suggest you swallow your frustration and endure the annoyance. It’s the new standard of security.
Final Thoughts on 2-Factor Authentication
If you’re reading this right now and you haven’t yet enabled 2-factor authentication, please stop and do that…
Take advantage of this extra layer of security for your email, banking, social media and online data storage. It only takes a few minutes to set up and it could make a world of difference for you online.
Remember, though: this is an added layer of security.