How many times have you heard the expression, “two heads are better than one”? For most, it starts when you’re young, and then continues on in various forms at school, work and in everyday life. The fact is, when you have more than one set of eyes or more than one mind working to solve a problem, the solution often comes much faster.
The same principle applies to authenticating your identity when logging into your accounts. One factor, which is primarily your password, is often all you need to gain access to your personal and financial information. But what if you could have a second method of authenticating your identity, one that is foolproof and simply can’t be hacked like a password can? It would give you a higher level of security for your data, and a boost to your peace of mind regarding keeping your private information – private.
There is such a method, and it’s called 2-Factor Authentication, or 2FA. It’s also called 2-step verification, because it requires you to complete a second step before your accounts will grant you access to your own data. And when it comes to securing your personal information, 2 factors are better than one.
Table of Contents
Take A Closer Look at 2FA
So, what is 2-step verification? It’s basically a second form of authenticating, or proving your identity over the Internet. There are several different forms of authenticating your identity, including something only you would know, like a password, something you have to authenticate your identity with like tokens, card readers or wireless tags. Finally, it can be something that you are – like your voice, your fingerprint or your face, which is used in facial recognition.
The problem with the category of “something you know”, like a password, is that passwords can be hacked or stolen, which eliminates the level of security you would hope to gain by having a strong, distinctive password. But what if you could add another level of security on top of your password, something that a cyberthief could never see, steal or use? It would make your password impregnable. That’s what 2-step verification does for your security.
You’ve probably seen the message one-hundred times, “would you like to add 2-Factor Authentication to your account?” at the bottom of the page where you’re setting up an online or social media account. But most people click, “not now” or “no thanks” – either because they’re not familiar with the process or they don’t have the time at that moment. However – when you realize that 99% of hacking can be eliminated by having 2FA – you begin to understand why you should always click on “Yes!” when asked that question.
Different Ways to Receive Your 2FA
Think of the second step of verification as a ”one-time password” – or OTP, one that only you would ever see. It could be sent to you as a text, which you would then enter when prompted in order to access your account and data. Or, it could be sent to you as an email, although there is the risk that a hacker could read your emails if they gained access to your smartphone or other device. Some account services will send you a link, that you click on in order to complete the second step of your verification.
Another way some services use 2FA is by “push notifications.” These services have their own authentication apps, and once their app detects an attempt to log in, you’ll receive a notification that you can accept or decline. Another way to receive codes is to have a token, or a device that generates codes for you. It’s the most secure way to complete a 2-step verification, but for now, it isn’t being used on a large scale.
Choosing Your Authentication Software
Go to an IOS or Android app store and you’ll find all kinds of apps that generate authentication codes. As more and more people are accepting 2-step verification, more and more account services are offering their own authentication products. For example, Google Authenticator is one of the more popular ones available, which is no surprise as it doesn’t cost anything to use and works with every account service around. It’s simply a matter of using your smartphone or device to scan a QR code and that’s pretty much all there is to it.
Not to be outdone, Microsoft has their own version called Microsoft Authenticator, and as long as you have a Microsoft account it’s ready to set up – and there’s no cost on this, either. With Microsoft, you download the app and it’ll work with one-tap authentication as well as let you login without using any passwords.
Social media is jumping on the 2FA bandwagon as well, including Facebook, for example. Just be aware that unlike Google Authenticator and Microsoft Authenticator, Facebook’s version only works with Facebook. Amazon goes one step further, offering the option of third-party authentication support or single-purpose two-step authentication options. All are easy to set up and use, and more and more are coming on board every day.
What Could Possibly Go Wrong?
With the robust security protection of 2FA eliminating 99% of potential hacking, it’s a no-brainer to download and use 2FA. Of course, as with anything that is that good, there can be occasional problems. For example, if you break or lose your smartphone or other 2FA enabled device, you’re going to be out of luck until you can convince your provider that it’s really you who lost the phone and that you need a replacement immediately with the same phone number.
If you opt to have your 2FA notifications sent to you via email instead of via text messaging, you run the risk of a hacker getting your code, logging in as you and taking over your email accounts. That simply can’t happen with text messaging, unless you happen to have the hacker in the room with you, writing down the codes as they come in.
Despite these problems, there’s no question that 2-step verification is the way to go. Using the information and suggestions contained above will help you get started – and stay safe.