Two Factor Authentication

The internet has wrapped itself around nearly all aspects of our daily lives. The new technology has brought with it an unparalleled level of convenience that people have never before experienced in any previous era on earth. While this convenience is a blessing, it has also opened up the average person to a life of laziness. This complacency can be taken advantage of very easily by anyone who wants to exploit the lack of concern for security.

Usernames and passwords worked well to protect our logins when the internet was still in its infancy. However, things change and now the amount of sophisticated techniques and software for cracking passwords is at an all time high. Criminals have turned to the online circuit in order to take from people what they haven’t earned for themselves. It is now far safer for them to break into your online profiles than it is to hold you up at gunpoint in a dark alley.

By simply figuring out a single email or password you have previously used on a website, hackers can most likely access your information in a variety of other places. The average person uses the same email and passwords on multiple websites or apps in order to make it easy to remember the next time they try to log in. This makes sense but can lead to a criminal having a field day with your bank account and other sensitive data stored online.

It is clear that there needs to be a more in depth way of protecting your logins in order to combat the rampant hacking that is now taking place. Luckily, the large companies that run these sites have come up with a pretty solid solution to this emerging problem and it is most likely already implemented at the websites, banks, and apps that you use most. The solution is a security protocol known as Two Factor Authentication.

What is Two Factor Authentication?

Two Factor Authentication, sometimes referred to as Multi Factor Authentication or 2FA, is a process by which a company uses at least two means in order to verify it is actually the person who owns the account logging in. The two means usually incorporate something that only the account holder has and something that only the account holder knows.

An easy way to explain it better would be to walk you through the most basic form of this authentication. The simplest form, which everyone has unwittingly used before, is a purchase made using a debit card. Whether going to a store or withdrawing from an ATM, you must present the card and offer a four digit PIN in order to make the purchase or receive the cash. The debit card is something only the account holder has and the PIN is something that only the account holder knows. If a criminal were to take your card they would be stopped dead in their tracks when performing a transaction since they have no idea what the PIN is.

There are much more complicated forms of Two Factor Authentication and each company or service has a slightly different way that they handle this protocol. Each has its own pros and cons that we will begin to discuss further.

Mobile Two Factor Authentication

Since most people carry a phone with them wherever they go, many companies have decided to use it as the "something only the account holder has" part of the equation. When you attempt to log in, the company will send a verification code to your phone via a text message. The code usually expires after five minutes so the user must enter it as quickly as possible. This helps bolster security by ensuring someone doesn’t grab your phone hours later and log in again.

Some places that have more sensitive data will use an additional authentication app on the phone to generate a unique passcode. Typically banks and other financial institutions will employ this method to keep their customers’ money as safe as possible. The authentication app will quickly flash a passcode to the user who must type it in immediately. The code changes very quickly in order to maximize the security of this feature.

The advantages of this form of Two Factor Authentication are quite simple. Everyone has a phone with them so it is incredibly user friendly and easy to use. The passcodes are generated by an algorithm on the spot so they are much safer than static passwords. Finally, you can set the number of tries a person gets before the login is disabled. This prevents any hackers or criminals from just guessing the password until one works.
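The two server-side controls described above, a code that expires after five minutes and a cap on wrong guesses, sketched as an added example that is not from the original article. The class name, the three-attempt limit and the in-memory store are assumptions for illustration; a real service would hand the code to an SMS gateway and persist state in a database.

```python
import hashlib
import hmac
import secrets

CODE_TTL_SECONDS = 5 * 60  # five-minute lifetime, as described in the text
MAX_ATTEMPTS = 3           # assumed limit; the text only says it is configurable

class OneTimeCodeStore:
    """Hypothetical in-memory store of pending login codes, keyed by account."""

    def __init__(self):
        self._pending = {}

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        # Keeps the plaintext code out of the store. Six digits are still
        # guessable, so expiry and the attempt cap are the real controls.
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def issue(self, account: str, now: float) -> str:
        """Create a fresh code; issuing again replaces any earlier one."""
        code = f"{secrets.randbelow(10 ** 6):06d}"  # CSPRNG, not random.random
        salt = secrets.token_bytes(16)
        self._pending[account] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": now + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # deliver out of band; never write it to logs

    def verify(self, account: str, submitted: str, now: float) -> str:
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_code'."""
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        if now >= entry["expires"]:
            del self._pending[account]
            return "expired"
        candidate = self._digest(entry["salt"], submitted)
        if hmac.compare_digest(candidate, entry["digest"]):
            del self._pending[account]  # single use: a replay gets 'no_code'
            return "ok"
        entry["attempts_left"] -= 1
        if entry["attempts_left"] == 0:
            del self._pending[account]  # out of tries: the code is discarded
            return "locked"
        return "wrong"
```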

The disadvantages of this method are also quite clear. Phones are easily lost or damaged which will prevent the user from logging in. The phone can also be out of cellular range making the code unable to reach the device in time. There are additional security risks every time you give out your phone number, so that adds an additional concern to worry about. Plus, sophisticated hackers can use a process called SIM cloning to log into your account. SIM cloning involves the process of spoofing a phone so the server thinks their device is actually the one owned by the account holder. There is no way to combat this since the SIM cloning process has become so exact.

Token Generation Two Factor Authentication

Some companies prefer to issue each of their customers a key fob style device that is small enough to fit in the user’s pocket, briefcase, or purse. This device has a screen that flashes a new code every 60 seconds. This code can then be entered in order to log in to the website or app. While this eliminates the need for a phone, it does introduce its own set of challenges. Back in 2011, RSA announced that their token generation system had been hacked into. This allowed hackers to generate their own SecurIDs and get into millions of accounts worldwide.

The advantages of this device are quite clear. It is incredibly easy to carry around and won’t encumber or wear down the user. It also doesn’t require changing all of your info over when you inevitably get a new phone. You are also much less prone to theft since the passcode changes frequently and is harder to crack than a static password.

The downsides to this device are not quite as simple. Of course, it is easy as pie to imagine it being lost since it is incredibly small and can easily fall out of a pocket or purse. But the thing many people are unaware of is what is known as a man in the middle attack. This is when a hacker imitates a wi-fi hotspot and an unsuspecting user connects to the phony network instead. All of the sensitive data that the person thought was being sent to the company is now going directly to the criminal.

Services that already employ Two Factor Authentication

Many of the big name companies have already begun using Two Factor Authentication in order to give their customers much more peace of mind. In this section, we will look at how places like Google, Facebook, Apple, and Microsoft have all implemented this technology. Each one uses it a tad differently but if you have an account on any of these networks it is a pretty smart move to activate the Two Factor Authentication process for your logins.

Facebook

By setting up Two Factor Authentication on your Facebook you will be required to enter a single use code each time you log on from a device that Facebook doesn’t recognize. This includes things such as your friend’s laptop or a computer in a public place such as a library. While this may seem like a chore, the results would be catastrophic if someone impersonated you on Facebook or stole your stored credit card or bank information.

To enable it, simply go to the top right corner of your Facebook page and click the down arrow. From there go to the settings tab and select security and login. Scroll down to Two Factor Authentication and click edit. You can then follow the on screen instructions to select which methods of Authentication you desire. Once they are selected, click Enable to complete the process.

The available methods include:

  • Text messages
  • Generated Security Codes
  • Tapping security on a compatible device
  • Security codes created by a third party authenticator
  • Approving login through email
  • A printed recovery code

You can enable all of these or just text messages in order to finish the setup process.

Twitter

When you enable Two Factor Authentication on Twitter, they will send a code that is six digits long via text message. You can also select to use a third party code generator if you prefer that method.

To enable authentication for Twitter go to their website and click on the Twitter profile icon on the top of the screen. Choose settings and privacy and scroll over to setup login verification. Read the instructions then click start when you are ready to begin. Enter your password and click verify in order to be taken to the screen where you type in your phone number. Once entered you can click send code to receive a text message with your six digit passcode. Enter the code and click submit to finish the process.

Finally, click the get a backup code button in order to receive an additional code. This can be used in the event your phone is lost or you get a brand new number. You want to either take a picture of it or write it down on paper and store it where you can always access it and remember where it is easily.

To set up a third party authenticator, go back to the settings and privacy tab and click account. You want to check under security for the review your login methods button. Enter your password and click set up next to the mobile security app setting. Click start to receive a QR code that you can scan in the third party app. The third party app will spit out a six digit code that you can type into Twitter to complete the process.

Once either of these methods is enabled you will be asked to use temporary passwords when logging into Twitter on other devices. These will be sent via text message so you can quickly enter it in and get tweeting.

Google

Enabling Two Factor Authentication on Google still requires your password but you will also need to provide a code that is texted to your phone. To get started, find the Google two step verification page by simply googling it. Once there, click get started near the top right of the page.

There is a short explanation you can either read through or scroll down and click get started to begin. Log in like normal and Google will ask for a phone number to send codes to. Once you enter the number you can choose to receive codes from either text messages or phone calls. The calls are done with an automated voice so no human will get access to your number when you get called. Once you get a code enter it and click verify to continue the process. You will then be asked if you are on a trusted computer. Click yes if you are on a home PC or a work machine that only you have access to. Click confirm to finish the setup.

Apple

Apple’s Two Factor Authentication involves sending a code whenever you use your Apple ID on an untrusted device. A code will be sent to any device already marked as trusted so you can verify that it’s really you logging in.

To enable authentication on iOS 10.3 or later, go to your settings and click on your name and go to passwords and security. Tap enable Two Factor Authentication and then click continue. On iOS 10.2 or earlier, click on settings and go to iCloud. Tap your Apple ID and then go to passwords and security. Click enable Two Factor Authentication and click continue.

On your Mac computer, click on the Apple logo on the top left hand corner of your desktop. Select System Preferences from the drop-down menu that appears. Select iCloud and click on account details. Click security and select enable Two Factor Authentication to complete the process.

Microsoft

Your Microsoft account will require you to enter a code from your email, text message, or authenticator app in order to log in after enabling Two Factor Authentication. Go to the Microsoft security basic website to get started setting it up. Click the more security options link and go to the set up Two Factor Authentication tab. The process is simple and you can follow the on screen instructions if you need any help. Once you are finished, a code will be sent to either your email or phone. Once it is entered you are good to go.

What else is there to know about Two Factor Authentication?

Now that you know what Two Factor Authentication is and how to enable it, there are a few key points you can master in order to maximize the use this technology can have in your life.

1. Always enable Two Factor Authentication on all of your email accounts

You may think it’s only viable or practical to enable authentication on your most used email account or the one that is tied to your bank account. But the truth is that you should really enable this feature on all of your email addresses and drop the ones that don’t yet have this functionality. Hackers can take any email address and cross reference it with other resources across the web to learn all they need to about you.

Just think about how many random websites and apps you have signed up for over the years and used your various email addresses. Many smaller sites that don’t have much security use your email as a username as well. Even more of these sites hold your email just to contact you if you lose your password and need to reset it.

Once a hacker slips through any one of these cracks, he can now start to infiltrate everything else you have. Even if the email isn’t connected directly to a bank or other important institution, most emails require you to link a backup account for restoration purposes. The seemingly unimportant email can be just the doorway a skilled hacker needs to get into something important. If this happens to you, it can take a long time and many headaches before everything is restored to normal.

2. Protect Your Financial Accounts

Most reputable financial institutions offer Two Factor Authentication and it is a huge red flag if they do not. You can use one of the many Two Factor Authentication listing sites to quickly check if all of your institutions have it as an option. All of your bank accounts, credit cards, and brokerage accounts should be secured with this technology as soon as possible.

3. Having a Password Manager

A great tool to employ in conjunction with Two Factor Authentication is a password manager app. These apps allow you to turn all of the passwords across all sites and apps into incredibly long strings of characters that are almost impossible to guess. While you won’t be able to remember these passwords yourself, the manager app stores them all so you can copy and paste them into the relevant fields.

With a tool like this, you then only have one master password that gives you access to all the others. This saves you the trouble of remembering a long list of passwords. Just be absolutely sure you protect your manager app with Two Factor Authentication! This is by far the most important step. When you have set this up correctly, your cyber security is completely augmented.

4. Don’t mark any of your devices or computers as trusted

When one of your devices or a computer is marked as trusted it disables Two Factor Authentication on that particular machine. This means you only need your password to log in to that account. This is a terrible idea as it defeats the entire purpose of enabling verification in the first place!

It may seem far more convenient to let it slide at home, but that lackadaisical attitude is what gets people hacked. You never know what can happen and if your computer or laptop ever gets into the hands of someone it shouldn’t then you are finished. People break in, relationships turn sour, and laptops can be lost on airplanes. Any number of things can happen to leave you vulnerable.

5. What can I do if I accidentally lock myself out?

Accidents happen and the good news is you can still recover your accounts in such an event. It is likely that you will lose your phone at some point or get locked out because you can’t remember your password and have too many failed attempts to log in. Luckily, most services that offer Two Factor Authentication have already taken care of this problem. You can assign a second phone number or email to a majority of accounts in order to give you an extra layer of protection.

To get everything back, you can often get a voice call or have an email sent to your secondary address. The code they give you can then be used to log in and transfer all of your data to a new phone. Alternatively, some companies will even let you print out a code on a piece of paper for extra safe keeping. This is by far the most secure method and you should take advantage of this service if it is offered.

6. How can I tell if an app or Website supports Two Factor Authentication?

If you have way too many different accounts to check them all manually, you can try using one of the various websites that lists all of the services that currently offer Two Factor Authentication. Turn It ON is the most popular of the sites and seems to have the most comprehensive and updated list that we found.

Conclusion

Two Factor Authentication is a great tool as long as you use it!

Be sure to implement this technology with as many sites and apps as you possibly can. It can be quite tempting to procrastinate on this but each moment you don’t have protection could cost you dearly. Now that you know what to do, the onus is on you to follow through with it. The entire process only takes an hour or two and then you are mostly set for life.

You just have to remember to enable it on any services you sign up for in the future as well so you can stay protected. The good news is that it only takes a few minutes to set up a single account.