Two-factor authentication is one of the most effective ways of securing an online account and will protect you from the majority of the most common account-hacking scams on the Internet. Yet it remains one of the most overlooked security tools.
So here we go into what two-factor authentication is and how it can protect you and thwart the crooks trying to scam you.
All Internet users will be all-too-familiar with the typical process of logging into an online account. You go to the website’s login page, type in your username and password, click login and voila, you’ve logged into your account. In fact most times it’s even easier than that, because your browser has remembered your password and username for you and either keeps you logged in or autofills the login textboxes.
You’ll notice that in this scenario, the single (only) level of security is the password, since usernames are generally considered public information. Consequently this scenario is called single-factor authentication.
The downside to this is clear: if a crook obtains your password, they’ll have access to your account. And while a password was once considered secure, many commonplace scams – such as phishing attacks, malware, social engineering schemes, data breaches and credential stuffing attacks – have become incredibly effective at stealing passwords.
Two-factor authentication (or 2FA) introduces a second level of security to an account. It means that to log into an account, a user needs to verify their identity twice. Most popular websites and apps support 2FA. You will need to set up 2FA for each account you want to secure, and you need to set it up using the website or app’s own security options.
For most home users, this means complementing a password with an additional method of verification. What that is will depend on the user’s own preferences and the options available for a specific website or app. We take a look at some of the common options next.
What type of 2FA option you have on an account depends on the account you are securing, as different websites and apps support various options. We list the most common below.
The earliest and most popular form of two-factor authentication is a code sent to your phone by SMS (text) message. After you enter your password, the website asks you to enter the code to confirm your identity.
Of course this means giving your phone number to each website or app on which you want to enable 2FA, which many are hesitant to do. This method is also vulnerable to SIM-swapping scams.
Instead of having a code sent to your phone, you could have your device generate the code itself using an authenticator app. This is currently one of the preferred options, since it is more secure than having a code sent via SMS.
The user needs to download and install the authenticator app on a mobile device such as a phone or tablet. The same authenticator app can be used to generate codes for multiple accounts.
Firstly, a user needs to link the authenticator app to each account they want to secure (instructions will be provided by the authenticator app and/or website).
Finally, once that is set up, when logging in and being prompted for a code, the user just needs to open the authenticator app and enter the code it displays.
Push notifications are popular with services like Google, where you will likely be logged into multiple devices at once, such as your phone, tablet and PC. A notification is sent to a second trusted device that you’re logged into, asking you to confirm that it is you trying to log in on the first device.
So in this case, when trying to log in, after you enter your password you will get a notification on a second device where you are already logged in. All you need to do is confirm that it is you and you’re done.
While used less frequently, 2FA can also include the use of biometric data (thumbprint, iris scan, facial recognition) and USB keys (e.g. YubiKey).
Whether you need to complete the second step every time you log in will depend on the website or app you are logging into. One of the perceived downsides to 2FA is the extra effort needed when logging in (having to enter two pieces of information instead of just one).
However, many websites, notably Facebook, will add each device you’ve logged into your account using 2FA as a trusted device, meaning you only need to add the extra information once. Other websites, such as PayPal, will ask you every time you log in.
As for whether you should use two-factor authentication, the unequivocal answer is yes. Two-factor authentication is readily available, easy to set up and use, is now widely supported and provides protection against the vast majority of online scams that target home users. Even if you consider yourself Internet-savvy, 2FA also offers protection against data breaches and credential stuffing attacks, which a person can do nothing about.
While online banking will come with its own protective measures, other sites including Facebook, Twitter, Instagram, eBay, Etsy, PayPal and a whole host of other sites and apps which likely contain sensitive or personal information about you can be protected using two-factor authentication.
The specific set-up instructions will vary from site to site, but you can easily find out how to set it up and what options are available to you using the website’s help feature.