You’ve probably used 2 Factor Authentication (2FA) and maybe didn’t even know it.

WHAT IS 2FA?

2FA is essentially a password for your password. When you log in to a website or an app, you enter your username and password, and then you are prompted with a box to enter an additional password. This password is typically a randomly generated 6-digit number that changes every 30 seconds. Once you put in the correct number, you are logged in. With this method, you could give your username and password to someone, and they still would not be able to log in to your account.

WHEN SHOULD I USE 2FA?

You should always use 2FA if it is offered to you. Every day there are millions of security breaches that are stopped with 2FA prompts. There have been countless data breaches from big companies, and the passwords you are likely still using on at least one website have been leaked and are used to try to log in to millions of websites. Trading a little inconvenience for a lot of security is always worth it, and will ultimately save you many headaches and sleepless nights when someone inevitably tries to break into your account.

TYPES OF 2FA

There are many types of 2FA. Here are some of the current options categorized by how secure they are:

Less Secure

  • Email
  • SMS (text message sent to your phone)

More Secure

  • Mobile push (a prompt is pushed to your smartphone for approval)
  • 2FA app with rotating codes
    • Duo
    • Microsoft Authenticator
    • Authy
    • Google Authenticator
  • Security USB Key

Email and SMS are very commonly used, mostly because they take the least amount of work to set up, and companies that want to enforce 2FA can do so without requiring the end user (you) to set anything up. There are some inherent problems with email and SMS, though.

Email:

Email can be bypassed if the hacker can gain control over the user's email. This happens often with phishing emails, or when the user uses the same password for email and the service they are protecting with 2FA, which is also very common.

SMS:

You would think SMS would be safe, right? Only you have your phone and access to your phone number. However, the problem here is that it is incredibly easy for someone to pretend to be you, go to a carrier, and get a working SIM card with your phone number. Now they can accept the text on your behalf, you never see it, and they gain access to the account. The carriers figure it out eventually, but not before the hacker has had enough time to gain access to what they need.

Though SMS and email are less secure methods of 2FA, if one of them is the only option, it is better than none at all. If any service you use has the ability to set up 2FA with an app, you should go and do that now. Email and banking are 2 big ones that should have this security measure in place. Any account that you feel would be a major problem if someone were to get in should be protected by 2FA. If it isn’t, go turn it on. If they don’t support it, call them up and ask why. If they don’t care, go to a competing service, because security should always be taken very seriously.