When protecting your valuable information, 2-Factor Authentication (2FA) is a wise choice. Here’s what it is and how to use it.
Passwords are only the first step to good Security
Every online account we have requires a password. And it can get overwhelming choosing one. That’s why so many people wind up using the same one over and over again, or just as bad, making a too weak password. Here are the top-10 most hacked passwords
LastPass Breach
In this article, I go over the recently revealed breach of LastPass, making 2FA more important than ever.
2-Factor Authentication – The Basics
Basically, 2FA involves something you know, and something you have.
something you know
The something you know is your password. While many of us use a password manager and actually don’t know most of our passwords, still the password is assumed by the app or website to be something we know and type in to gain access.
something you have
The something you have is usually your phone. But there are other devices like a YubiKey that can be used.
methods of using your phone for 2FA
text message
At the least, the app or website sends a text message to your phone with a code for you to enter. This is the least secure method, as bad guys are able to spoof a phone and have the text message routed to them. But in reality, unless someone belongs to a 3-letter government agency, I don’t see them being a target for that.
push notification
This method involves the app or website sending a notification to your phone asking if it’s really you. Both Facebook and Google use this method. This is more secure than text message.
Google does this by default.
authenticator app
To use an authenticator app, when requested by the website or app you are trying to log into, you open the authenticator app which displays a 6-digit code that you enter. This code changes every few seconds.
Examples of authenticator apps:
- Google Authenticator (the one I use)
- Authy
- LastPass Authenticator
- Microsoft Authenticator
…and many more. These are the 4 most popular (although I’m guessing the LastPass Authenticator will be dropping in popularity)
Using an authenticator app involves some setting up, and can me a challenge when you get a new phone. In a future post I will detail how to setup and use an authenticator app.
YubiKey (or similar device)
A YubiKey is a device that resembles a thumb drive. To use it for 2FA, when requested, one inserts the YubiKey into a USB port. This is the “something you have”. In addition, some YubiKeys are NFC enabled so they can be used with a smart phone by simply tapping. And for 3 factor authorization, some have fingerprint readers, so in case it is lost or stolen, no one else can use your YubiKey.
when should you use 2FA?
You be the judge of that. I use it anywhere I would stand to lose something if someone got hold of my password.
- Banks
- Investment sites
- Shopping sites
And as a web developer, any site pertaining to my business.
E-mail is super important to have 2FA setup. If someone had access to your email, they wouldn’t need your bank/investment/shopping password. They could request to change it, and when the email comes to you, they intercept it. change your password, then delete the email.
Now not only does someone have your password, you don’t. You could request a change, but they could simply change it back.
So use 2FA wherever you need it. It’s a bit of a hassle to use in a hurry, but it’s less of a hassle than having a bad guy steal your money.