The freedom that comes with the internet means there are a few harmful elements in our midst. There have been several situations where people have woken to find out they could not access their online bank accounts or email, websites hacked, and work compromised. People have continuously reported the illegal use of their credit cards for shady transactions online and offline.
We are used to passwords - those work fine but are not 100% secure, which is why tech companies are continually working on more secure methods, such as PIN-based logins and biometric verifications. These security systems are more reliable because they do not involve the transmission of data over the internet.
While these are still in the works, people are on the lookout for the next best means of protecting themselves online. This vulnerability brings us to 2FA - a higher level security system than passwords.
Introduction to 2FA - Two-Factor Authentication
As the name suggests, two-factor authentication or 2FA is an authentication system that helps double-check your identity's legitimacy. It is also called multiple-step or multiple-factor verification. 2FA ensures the user's credentials and the resources accessible to the user are well protected.
Other authentication methods rely on single-factor authentication (SFA), usually a password or passcode from the user. Conversely, two-factor authentication offers a higher security level by relying on a second factor apart from the ordinary passcode or password. These can usually be a security token or a biometric factor - facial scan or fingerprint.
Two-Factor Authentication - How It Works
When you activate two-factor authentication on any device or online account, you will go through two verification layers before you can access such accounts.
The first layer is where you authenticate with your username and password. If the information supplied is correct, you move to the second security layer that reconfirms your identity. A combination of both second, and already-strong first layers, make your account less vulnerable to hackers.
2FA is not an absolute security measure. While it will keep your accounts safe and hack-proof for a very long time, it only reduces the chances of intrusion and does not remove them.
There are three primary groups of authentication factors, as discussed below:
Group 1 - A Known Entity
Information you already know, such as a password, a PIN code, or an answer to a secret question.
Group 2 - An Entity You Possess
This group comprises physical entities and devices. It could be a mobile phone, a USB stick, a SIM, an ID card, or a key fob.
Group 3 - A Biological Factor
Merely a part of you - your voice, face, DNA, handwriting, fingerprint, or retina scan. Note that a few of the factors in this group are expensive, which explains why most users and service providers avoid them. They are only necessary for critical applications, for instance, bank accounts and financial transactions.
Reasons To Activate 2FA
No doubt, you need to safeguard your accounts and devices. As mentioned earlier, we are stuck with passwords. However, passcodes and passwords are not as secure as people think. You would be surprised at how 'easy' it is for cyber attackers to quickly test and manipulate multitudes of password combinations.
Interestingly, a 2019 online security survey by Google showed that 65% of people use the same password for all their accounts, making them more vulnerable. Hackers can also guess answers to our security questions with the help of background information about you like graduation year, city of birth, favorite uncle and aunt's name, and others. All these leave us more exposed.
But with 2FA and its additional layer of protection, cyber intruders will have a hard time getting past the second security layer. They would have to be very close to you to stand the slightest chance of getting the second authentication factor. So, you are safer, and your activities more secure than using passwords only.
Crucial Applications of 2FA
2FA is not entirely new in the cybersecurity business. Chances are you are already using them for some of your activities. For instance, bank-issued tokens use 2FA - this is why you receive a specific code to access your internet banking. Perhaps, you have also received a few one-time-passwords via texts on your mobile phone? Lastly, we have random password generators like the Facebook Code Generator, and Google Authenticator that people use to access their social media and email accounts.
If you are unsure where and when to use 2FA, the list below offers insight into the online activities that two-factor authentication can help safeguard.
- Communication apps, such as MailChimp, Skype, Slack
- Online or Internet Banking
- Email clients, such as Outlook, Gmail, Yahoo
- Online Shopping Platforms, such as PayPal and Amazon
- Cloud storage platforms, such as Sync, Box, and Dropbox
- Social media accounts, such as LinkedIn, Twitter, Facebook, Instagram
- Password Managers, such as LastPass and Yubico
Now that we know where we need the two-factor authentication let's take a look at how to get it up-and-running.
Activating Two-Factor Authentication
Mobile phones are arguably the most used method for two-factor authentication. After all, almost everyone has one and carries it around. With mobile phones, you either get a one-time code via SMS or generate it using a designated app to confirm your identity when accessing a 2FA-secured online platform.
Although SMS seems more natural to configure, the SMS containing these codes may not arrive on time, especially if you are not within the coverage area. Plus, it may be possible to clone your SIM if the phone is not adequately secured. A cloned sim makes you vulnerable.
Alternatively, you can use suitable mobile apps to generate two-factor authentication codes for your 2FA-secured accounts. There are a couple of apps designated for this purpose, including the Google Authenticator for mobile phones (Android and iOS) and Authy for mobile phones (Android and iOS) and desktop (browser extension and desktop app).
All of these apps rely on the Time-Based One-Time Password (TOTP) algorithm to generate unique, time-sensitive codes that will grant you access to your accounts. Each code generated expires after a short time. You will have to make a new request after that. You will need to set up each of these apps online for the first use - this requires a network connection. Subsequent requests require no connection.
How To Apply 2FA On Your Important Accounts
Let's skim through the activation process of 2FA on top online accounts.
Gmail and Google
Google is central to several other online accounts and activities. So, having a 2FA in place is highly recommended. After successful activation, Google will send you six-digit codes via the mobile phone number you submitted. You will need that to log in each time from a new device. You need backup emails and phones to make this work. Google also allows you to generate one-time backup codes for future use, if you travel to out of range.
Find the step-by-step guide to Google 2FA activation here.
LinkedIn, Twitter, and Facebook
LinkedIn sends a verification code to your registered phone number for every attempted login. You need to input the code to complete your login process.
Learn more here.
Twitter's login verification requires users to type in a code each time they try to access their accounts. There is a one-time backup code for situations where you cannot access your mobile phone.
Learn more here.
Facebook's Login Approvals require users to provide a six-code digit each time they try to log in via a new device. The code comes via SMS to the registered phone number. The Facebook app has a "Code Generator" feature that does the same job.
Learn more here.
You want to safeguard the sensitive data on your cloud with 2FA. Fortunately, Dropbox has a 2FA in place that asks users to provide a six-digit code or a security key for every attempt to log in. You can also get up to 10 backup codes for future emergency use, especially when you are not with your phone.
Learn more here.
The list of services and accounts that provide users with a 2FA security feature is long - this article cannot cover them all. However, you can read more about them on the 2FA website.
When it comes to cybersecurity, having password security in place is not enough. Strong password security is best paired with a two-factor authentication system to beef up security and prevent intruders from accessing your accounts. Two-factor authentication is a long-serving system that regulates access to crucial data and systems. More robust security is why more online service providers are integrating them to safeguard their users' credentials from hackers and scammers.
Avoid weak or easy-to-guess passwords. Instead, stick with unique passwords and ensure that they are regularly changed. Always remember that even with 2FA in place, you do not have 100% security in place. Your accounts are still vulnerable, but the chances your accounts get hacked are slimmer. Like your online service providers, we are confident that these measures are enough to prevent password database theft and phishing campaigns.