Managing identities is crucial in today’s volatile information security environment. And two-factor authentication has become an industry standard for secure logins. However, to take advantage of this security feature, you must know understand what it is and how to set up two-factor authentication correctly.
Security breaches happen every day. For companies like Target, eBay and Yahoo that have experienced a breach, hackers stole customers’ personal, login or financial information.
If you’ve experienced a breach, you understand the chaos that ensues: You receive frantic emails to change your login credentials or password and worry whether your information is safe. It’s important to have solid authentication systems during times like these.
Because breaches occur more often than ever, it’s important to have complex passwords and unique login credentials for all your websites. We talk about this in our blog, “Why you need to setup password restrictions.”
It’s also important to have two-factor authentication, which adds another layer of security to your accounts.
One-factor authentication asks you to prove your identity with a username and password. Two-factor authentication is an additional security measure that protects your personal information by requiring a username, password and an additional factor. This is usually your phone number.
For example, a two-factor authentication system first asks you to enter your username and password as usual. Then, it asks for a smartphone number. Within seconds, an authentication code is sent to your phone via call or text. Upon receipt, you enter this code into the system to gain access to your account.
You can also download an app that generates a new code every 60 seconds and links to any account. This acts as an added security measure to keep hackers out. We’ll discuss this form of authentication later.
Adding two-factor authentication is a simple way to secure your data. Let’s say LinkedIn is hacked, and the infiltrators obtain your username and password. If you have two-factor authentication, they won’t be able to get into your account unless they have access to your phone.
Adding an additional factor to the authentication process is also helpful if you use the same username and password for every website. We advise against this in our other blog but understand it happens. If you use the same login credentials for all sites, but also have two-factor authentication for each, hackers won’t be able to access all your accounts just by knowing two pieces of information.
At this point, you might be thinking: Sounds great, but how to I set up two-factor authentication?
First off, DON’T hunt for two-factor authentication instructions on every website you have an account with. Instead, use TurnOn2FA. This website gives detailed instructions and screenshots for setting up two-factor authentications on over 100+ websites.
We recommend setting up two-factor authentication on accounts that have your valuable information first. This includes sites like Dropbox that store your social security, email, credit card, bank account, etc.
Now that you understand the basics of two-factor authentication, let’s go over the different forms.
Two-factor authentication is offered in multiple forms including SMS codes (text message), email codes, authenticator apps and more. We will review the most popular two-factor authentication options below.
What are they?
SMS Codes are standard authentication codes sent to your phone via text message every time you log in to a site.
Recently SMS codes have come under scrutiny for being an old protocol. While it is not the most secure option, it is better than nothing. Over time companies will move away from SMS toward more secure methods.
What are they?
Some services have the option to send an authorization code to your email. It’s the same an SMS code but sent to your email vs. your phone number.
In conclusion, using something that you access via multiple devices to send authentication codes to is probably not the best option.
What are they?
There are multiple authenticator applications on the market including Google Authenticator, Authy, Duo, and many others. When you setup an account, a secure key is created and shared with your phone applications via a QR code. The key is then encrypted on both ends to create a new code every 30 seconds or so.
Aside from the ones mentioned above, there are a few other types of two-factor authentication, though they’re far less popular.
For example, phone call codes are similar to SMS codes, just transmitted over a call. Hardware keys are another type. With these, an authentication code either changes frequently or connects to your device via USB.
Enabling two-factor authentication isn’t a surefire way to prevent a security issue, but it’s extremely helpful.
As Temecula Valley’s #1 IT support managed services provider, we would be happy to answer any additional questions you have about two-factor authentication. Email or give us a call today.