With major cyberattacks dominating headlines in recent weeks, you may be wondering how you can protect yourself online, whether it’s your social media accounts or banking accounts.
And the best way to do that is via two-factor, or sometimes multi-factor, authentication, which requires you to enter a second randomly generated password in addition to your standard account password.
Many businesses use two-factor authentication as a standard security measure. In fact, the Colonial Pipeline ransomware attack was successful, in part, because the legacy VPN profile hackers used to break into the network wasn’t using two-factor authentication.
But what is two-factor authentication and how do you set it up for your accounts? I’ve got you covered in this week’s Tech Support.
Security for your security
When you create an online account for any service, you set up a password. But many of us, yours truly included, have incredibly bad password habits. We use easily guessable passwords, re-use passwords, or use slight variations of passwords we already use for other accounts. Have you ever seen the list of the most used passwords of 2020? It would be laughable if it weren't so dangerous. Top choices include, and these are real, “123456,” “123456789,” and “password,” to name a few.
Two-factor authentication can save you from your horrible password habits by adding another layer of security. Even if you think your passwords are as secure as possible, they can still be hacked, making two-factor authentication a must.
Types of two-factor authentication
There are three main types of two-factor authentication. The most common form uses text messages. When you enter your username and password into an online account portal, the app or service you’re signing into will ask to send a passcode to your phone number. You’ll then have to enter that passcode to finish signing in.
This method has its flaws, though. Hackers have been able to clone victims’ phone numbers, giving them access to their text messages and their two-factor sign-in passcodes.
The more secure method is to use a two-factor sign-in app. Google (GOOG, GOOGL) and Microsoft (MSFT) offer such authenticator apps for iOS and Android that provide you with a one-time passcode for your apps. You may use a similar kind of app for work such as Duo Mobile (CSCO). The issue, though, is that you’ll always need to carry your phone with you if you plan to sign into a new account.
What’s more, if you switch to a new phone, you’ll have to remember to deactivate two-factor authentication on your old phone, because your authenticator app is tied to your old device. Once you deactivate two-factor authentication on your old phone, you can enable it and your authenticator app on your new one.
Other two-factor authenticators use physical keys to log you in. In these instances, you’d use a key fob that generates a randomized passcode that you enter after inputting your username and password. While these are incredibly secure, they’re also a pain, because it means you won’t be able to log into your account if you don’t have the fob with you at all times.
Increasingly, companies are relying on things like fingerprint readers and face scanners to act as a form of two-factor authentication, as well, adding even more security to their systems.
How do you enable it?
Each app and service has different methods for activating two-factor authentication. Much of the time, you’ll receive a prompt to enable the feature when signing up for a new user account. In other instances, you can turn the security feature on by going into your app’s user profile settings.
Got a tip? Email Daniel Howley at firstname.lastname@example.org or via encrypted mail at email@example.com, and follow him on Twitter at @DanielHowley.