What is Two Factor Authentication? A Helpful Guide for Cybersecurity Dummies
Updated: Feb 24, 2022
Two Factor Authentication or (2FA) shouldn't be overwhelming or something to be afraid of. 2FA simply makes your online accounts much more secure when you log in to them. You need to possess the password for your account as well as a means of verifying who you are. Simple right? Believe it or not, Two Factor Authentication first emerged in 1986 in the form of a key fob... Now things have certainly changed a bit since those days and in this blog post, we are going to break down 2FA for you and make it easy to understand.
Why is a password not good enough?
Let's start at the very beginning. In order to create an account online, whether that's email, social media, subscription or a bank account, you need to create a log in. This login generally requires a username, password, and/or an email address. This is the first layer of security.
Seeing as how you don't want anyone else to have access to your account, you create a username and a password unique enough so only you can log in. Here are two big reasons why the first layer is not good enough for security purposes. 1 - You use the same password for multiple accounts. This is a security risk because hackers LOVE password recycling. Security breaches happen all the time and if you re-use the same password everywhere all it takes is one account to be hacked and all your accounts will give the hacker access. 2 - Humans get tired and lazy. It takes effort to create unique passwords and remember them. You either need to find something like LastPass or have an amazing memory. When you get annoyed with remembering passwords you get lazy in order to make it easier on yourself. This sets you up to be hacked easier. Two Factor Authentication is an extra layer of security that makes it that much harder for hackers to access your private accounts. Microsoft shared an incredible report from 2019 that concluded 2FA blocks 99.9% of automated hacker attacks. A similar report from Google had the same conclusion.
The most common forms of Two Factor Authentication
The following forms are the most common 2FA methods.
Fingerprint / Face recognition like Apple TouchID / Apple FaceID
Smartphone Code sent to an APP (One Time Password)
Is 2FA hard to set up?
It really isn't that difficult to set up two factor authentication.
As mentioned previously the first layer is your password.
The most common second layer of security is your smartphone.
In 2022 almost everybody owns a smartphone making it pretty straightforward to set up 2FA.
Your smartphone assists with the second layer of security in one of two ways.
A text message or call
An app on your phone
Sounds pretty simple right?
"True Cybersecurity is preparing for what's next, not what was last." – Neil Rerup
Let's break down which service you should protect with 2FA.
Online Accounts you should protect with 2FA
You probably have hundreds of accounts across the internet, anything from Amazon to Google to Facebook to your local pizza shop. Which accounts need 2FA? Well let's get this right out of the way, any account that supports 2FA would be a good one to protect! We'd recommend starting with the following accounts. 1 - Bank / Finance Related 2 - Password Managers 3 - Google, Microsoft, and Apple Accounts 4 - Social Media Accounts 5 - Shopping and Commerce Accounts
Yes, that's quite a few accounts... So how do you actually set up 2FA with your smartphone?
Set up 2FA with your Smartphone
Here's the good news, setting up your second layer of security via 2FA with a smartphone is very very easy.
-- Method 1 -- SMS Messages
Let's use Twitter as an example. 1 - Select MORE (three dots in a circle in the bottom left of your screen) 2 - Select Security and account access 3 - Select Security You'll see this screen.
Now select Two Factor Authentication. You will see the following screen.
You can choose either text message(SMS) or use an Authentication app. In this method, we are using SMS so select that. Now you just need to input your mobile number and tap OK. You will now receive an SMS message from Twitter with a six-digit code. Enter the code into Twitter and viola your 2FA setup is DONE! Now in order for someone to access your Twitter account, they'd need your password as well as your 2FA 6 digit code.
-- Method 2 -- Authenticator App
To make use of an authenticator app you will need to still an app on your smartphone. There are a few options for you depending on the device you use. Here are a few. Google & Microsoft Authenticator - both highly used and reliable Authy - very easy to use Last Pass Authenticator App - if you use LastPass for your passwords this is a great option andOTP - open-source alternative activeauth - a MailSPEC product! 2FA and MFA or Multi-Factor Authentication is native to our core products. We provide biometric control over web access for our users and activeauth is integrated to 3rd party applications with OTP support. The mobile experience is seamless for a transition to higher security on a private system that is easy to use and onboard.
Once you've downloaded the app you are ready to use the authenticator app as a form of 2FA. Let's use Twitter again as an example. 1 - Select MORE (three dots in a circle in the bottom left of your screen) 2 - Select Security and account access 3 - Select Security You'll see the same screen as the last steps. Select Two Factor Authentication again. This time though, select Authentication App. This popup will appear.
Select get started.
Now using your authentication app, select add a new account and then scan this code using your smartphone camera! The app will do the rest. Once the account is setup it will begin generating codes for you every so often. This randomization really ups the security with 2FA! Now there's one last step! You need to enter the current 6 digit code from the authenticator app into Twitter. Simply enter it below and viola, you have set up 2FA with an authentication app.
2FA will vastly increase your online security
Two Factor Authentication increases your online security by adding a second layer of security to keep hackers at bay. We hope this blog post has been helpful for you, follow us on LinkedIn and Twitter for all things Cybersecurity, and stay tuned for more helpful blog posts from the Cybersecurity world.