What You Need To Know About Two-Factor Authentication


The importance of securing our emails, websites and social media accounts cannot be over-emphasized. Malicious attacks against governments, companies, and individuals are more and more common. This article will show you all you need to know about two-factor authentication: what it is and how you can use it to secure your online accounts. Two-factor authentication has long been used to control access to sensitive systems and data. Online service providers are increasingly using two-factor authentication to protect their users’ credentials from being used by hackers who have stolen a password database or used phishing campaigns to obtain user passwords. Two-factor authentication provides a higher level of assurance than authentication methods that require just one factor, like a password or passcode.

What is two-factor authentication?


Two-factor authentication, sometimes referred to as two-step verification, multi-factor authentication or 2FA, is an additional layer of security beyond your password. When 2FA is turned on for your account, someone who has your password still won’t be able to get access to the account. Using 2FA will protect your accounts even if a hacker has your password. What if the hacker has access to your email and phone number? We will get back to that in a moment.


2FA adds security to the authentication process by making it harder for attackers to gain access to a person’s devices or online accounts because knowing the victim’s password alone is not enough to pass the authentication check. 2FA is necessary for your most important accounts, but I suggest you do this for all your accounts.

The various forms of two-factor authentication

There are many different devices and services for implementing 2FA, from tokens to RFID cards to smartphone apps. Two-factor authentication methods rely on users providing a password as well as a second factor, usually a security token. There are various forms or types of two-factor authentication.

For example, you may have come across a situation where you receive an OTP SMS on your phone from your bank anytime you want to pay for something online. Or you may have seen the notification prompt from Google asking you to approve a Gmail login anytime you want to log into your Gmail from a new device. These are just some examples of two-factor authentication. The various forms include:

Phone notification prompt

This type of 2FA prompts you through a notification on your phone telling you that a new device, different IP or browser wants to access your account. In this case, you need to verify the login attempt if you’re the one trying to log in or reject it if you’re not the person trying to log in. An example is the Gmail notification prompt I stated above.

Email 2FA

This type is similar to the phone notification prompt. The difference is that your account will send an email instead of a phone notification. The email usually contains a PIN or a verification link. You then have to enter this code or click on the verification link to confirm your login. An example of this is when someone signs up on Facebook. Facebook sends a PIN to the email address the person signed up with, to verify both the address and the person’s Facebook registration.

SMS 2FA

In this type of 2FA, anytime the user enters a username and password to log in, a PIN is sent to the phone number associated with the account. The user then enters this PIN to verify the login. You can set up this type of authentication on social media accounts and emails. It can be set up on Facebook, Instagram, Twitter, Gmail, Microsoft, and Yahoo Mail.

2FA Using an app


As I asked before: what if a hacker has access to your email and phone number? You may be wondering how a hacker can have access to your email and phone number. Although SMS-based 2FA is inexpensive, easy to implement and considered user-friendly, it is vulnerable to numerous attacks. To avoid this and prevent unauthorized access to your accounts, you will need an app called Google Authenticator or another app called Authy. Either of these two authenticator apps can be an extra layer of security and prevent unauthorized access to your accounts. There are other 2FA apps out there but these two, as far as I know, are the most trusted apps. You can get these apps on the App Store for iOS devices and the Play Store for Android devices.

How to set up 2FA on an account

To set up 2FA on an account, the user will need to locate security settings on the account. A barcode, a key and sometimes a backup code will be displayed. It is important to save the barcode, key and backup code before proceeding to the next step. Then use the authenticator app (Google Authenticator or Authy) to scan the barcode or enter the key by manual entry.

It is very important that the user saves the key and barcode because if the authenticator app gets lost or uninstalled, the user may not be able to complete the verification process anymore. To recover, the user will need to scan the already saved barcode or manually enter the saved key in an authenticator app. After scanning the barcode or entering the key, the six-digit numbers will start displaying again on the authenticator app.

How to use Authenticator or Authy to secure an account


Most attacks originate from remote internet connections, so 2FA makes these attacks less threatening. Obtaining passwords is not sufficient for access, and it is unlikely an attacker would also be able to obtain the second authentication factor associated with a user account.

Authenticator apps replace the need to obtain a verification code via text, voice call or email. These apps work on your phone by displaying numbers that expire every 30 seconds and are different for every login. To access a website that supports Google Authenticator, like Facebook and Instagram, the user enters their username and password. The user is then prompted to enter the six-digit number displayed in the authenticator app. The user won’t need to wait for an SMS or email because the authenticator app automatically generates the number. The verification process is complete when the user enters the correct six-digit number.
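How the saved key turns into those expiring six-digit numbers, and how a site checks them, shown as an added example that is not code from this article or from any of the apps named here. It follows the published TOTP standard (RFC 6238, built on RFC 4226) with HMAC-SHA-1; the demo key is the RFC test secret, and the `drift` and `last_used` parameters are illustrative names for the clock-skew allowance and replay check a server would apply.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the displayed code

# Constructed demo key: the RFC 6238 test secret, base32-encoded the way
# a setup screen shows a key for manual entry. Never use it for real.
DEMO_KEY = base64.b32encode(b"12345678901234567890").decode()

def decode_key(shared_key):
    """Accept the key as users type it: spaced, lower-case, unpadded."""
    cleaned = shared_key.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

def hotp(key, counter):
    """RFC 4226: HMAC the counter, then dynamically truncate to DIGITS."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def totp(shared_key, now=None):
    """The code the app displays: HOTP over the current 30-second step."""
    now = time.time() if now is None else now
    return hotp(decode_key(shared_key), int(now) // STEP)

def verify(shared_key, submitted, now=None, drift=1, last_used=-1):
    """Server side: return the matched time step, or None on failure.

    drift tolerates clock skew of +/- one step; last_used is the step of
    the last accepted code, so a captured code cannot be replayed.
    """
    if not (submitted.isascii() and submitted.isdigit()):
        return None
    now = time.time() if now is None else now
    key, current = decode_key(shared_key), int(now) // STEP
    matched = None
    for step in range(max(0, current - drift), current + drift + 1):
        # compare_digest avoids leaking the match position through timing
        if step > last_used and hmac.compare_digest(hotp(key, step), submitted):
            matched = step
    return matched

if __name__ == "__main__":
    print("current code:", totp(DEMO_KEY))
```

Because the code depends only on the key and the clock, anyone holding a copy of the saved key or barcode can generate valid codes, so the backup deserves the same protection as a password.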

Conclusion

It’s important to do everything you can to improve your online account security. A user ID and password alone are not the most secure option. Given enough time and resources, an attacker can breach password-based security systems. Passwords are also prey to external threats, such as hackers using brute-force, dictionary or rainbow table attacks.

Don’t allow anyone to have access to your photos or have a hacker destroy your account because you haven’t set up 2FA. Apple iOS, Google Android, Windows 10 and BlackBerry OS 10 all have apps that support 2FA.

Get Google Authenticator for Android.
Get Google Authenticator for iOS.

Download Authy for Android.
Download Authy for iOS.



Use the comment section below if you have some information about 2FA you would like to add. For further questions or inquiry, you can use the comment section or send a mail to [email protected]
