What is Two Factor Authentication?
When logging into your online accounts with a username and password, you are using single-factor authentication. Only one thing is needed to verify who you are: your password.
2FA is an extra layer of protection beyond your password. It minimizes the risk of someone gaining access to your online accounts by combining your password with a secondary protective measure.
Many people still use the same password for every account; you may even be one of them. Understandable as it may be for the sake of not remembering multiple passwords, this is a hacker's dream.
If they find a way to get just one of your account passwords, through a phishing scam or because a business you have an account with has a data breach, the potential hackers have access to any and all of your accounts.
Adding 2FA to your login process is a great way of adding an additional layer of security to your accounts. Most major websites and applications that require certain levels of security have 2FA services available in the security settings of your account; however, it is up to you to turn on this feature.
You authenticate (prove you are you) based on 3 key things:
- Something You Know - Password, PIN, or answer to a question (pet's name etc.)
- Something You Have - Phone, credit card, storage device
- Something You Are - Fingerprint, retina, face or voice (biometrics)
Though you may not be aware of it, you likely use two-factor authentication regularly already: every time you use your debit card and enter your PIN code, for example. And for those that remember the days of writing a cheque, do you recall being asked to show your driver’s license?
These are both versions of two-factor authentication.
Debit card:
- Have the physical card
- Enter your PIN code
Cheque:
- Have the physical checkbook
- Provide your ID
2FA doesn’t make security completely guaranteed and is an additional login step; however, it does make it a lot more difficult for someone to hack your accounts if used correctly alongside strong passwords and robust security settings.
How does two-factor authentication work online?
The two most common forms of online 2FA are:
- SMS – the process of entering your password and receiving a text code on your phone that you need to enter when logging in.
- Auth app – an option to download a dedicated authentication app, such as Google Authenticator, Authy or Duo Mobile, to receive codes instead of having them texted to you.
The three different types of authentication:
- You Know this - Password, PIN, or answer to a question (pet's name etc.)
- You Have this - Phone (SMS or authentication app), storage device or fob
- You Are this - Fingerprint, retina, face or voice (biometrics)
Just the first 2 are used for online logins at this stage, but the 3rd is also inadvertently used if you unlock your phone with a retina, face or fingerprint scan. No doubt this will pretty quickly be added to the security of apps as a standard practice in the coming years, but we have not quite reached that yet.
Generally the 2FA login process is as follows:
- Enter your password
- You are prompted to input a code sent via SMS to the registered number or found in your authentication app.
- Receive a numerical code to be entered to log into your account.
- Enter the number to complete login.
With 2FA, if you want to log into one of your accounts, you may need both your password and an access code from your phone. This means that even if someone were to figure out what your password is, they still can’t get into your account with just that. They also need physical access to your phone to get the code.
**Tip** If you receive an SMS access code for an account you were not trying to log into, change your password immediately. It could be that someone has gained access to your password details and is trying to access your account. It is also possible to intercept SMS verification codes. While using 2FA via text is much safer than not using 2FA, authentication apps are believed to be safer.
How to turn 2FA on
You will find the option to enable 2FA in the security/privacy settings of your online accounts. Some will call it two-step authentication or multi-factor authentication, but they are all the same thing.
SMS – 2FA will require you to add your phone number to the account, and they will send you a verification number to enter, which links that phone number to that account.
Authenticator apps – will ask you to scan a QR code using your phone's camera or manually input the QR code; this links your account with the application on your phone. The application will have a code for each account you have linked, which rolls to a new number every 30 seconds. Unlike a PIN code for a debit card, a 2FA code is used only one time: each time you log into that account you’ll be sent a new code.
These second-layer options mean a hacker would need to steal both your password and your phone in order to gain access to your account.
Banks enable their 2FA systems differently to one another. They usually have different options depending on whether you are logging in on your desktop, laptop, or mobile device, so check your bank’s website to see what their 2FA options are and how to set them up.
Have a look at the Two-Factor Auth website for a categorized list of sites, services and apps to see which support 2FA and which don’t.