We’ve obviously chatted about passwords and passphrases and tips for managing too many passwords. Obviously, strong passwords are very important in protecting your online accounts, but there is an additional way you can protect many of your accounts: two-factor authentication. What is it and why should you use it? Read on for all the details.
So what is two-factor authentication or two-step authentication (aka 2FA)? Put simply, it’s an extra layer of security using two different authentication methods when logging into something. Typically, the first layer is your username and password, and the second layer is a piece of information only they should know or have immediately to hand — such as a secondary code provided by text message, physical token, or soft token provided by an authentication app or something similar.
It’s a much more secure system of logging into online services and is especially recommended for critical online services (like banking websites).
Loads of web sites support two-factor authentication. See if you can find the service you’re looking for at this massive database and follow the links to the 2FA setup for the service you’re looking for.
There are a variety of multi-factor authentication methods, but we’re going to touch on the two most commonly used: receiving secondary codes by text message (aka SMS) or by a smartphone app.
When you setup a service to 2FA via SMS, you’ll receive a text message after logging into a service. That text message will contain a code that you must then enter as part of the login process (typically on the page after you’ve inputted your username and password). This is the simplest 2FA method for most people, and works with quite a few web sites out there. However, it has its own quirks, especially if you are in an area with poor cell phone reception or if there’s a delay in receipt of your SMS message (or it doesn’t come through at all, which can happen if you’re roaming outside your home provider’s cellular network or are in a foreign country).
The other option is to use a smart phone app that will generate codes needed for 2FA. Most online services use a generation system that uses the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP). In simple terms, that just means you need to install an app on your smart phone that supports Google Authenticator’s code generation methods. There are several options for each platform:
- Google Authenticator App: Android – IOS
- Authy: Android – IOS
- Duo: Android – IOS
- Authenticator Plus: Android – IOS
After you install one of the apps, you then go into the 2FA setup for the service you’re using. For the fancy algorithms above to work properly, you generally just use the app to take a picture of a special barcode provided by the online service. The app will do some fancy math and will then allow the app to generate codes for you. Once you enable the 2FA for the site, you’ll log in with your user name and password, and then run the authenticator app and input the code it gives you for that service.
The smartphone method isn’t perfect, either. If you don’t have your smartphone on your person when you’re logging into a site, you won’t be able to input the secondary code – which means you won’t be able to get onto the site without jumping through a bunch of hoops. Most sites will allow you to generate a handful of one-time-use codes that you can print out and keep in your wallet for those sites you cannot live without.
Extra security is never easy, but if you value your privacy and the security of your accounts and your data, two-factor authentication is an additional security measure that will help keep things locked down tight.