2-Factor-authentication
read
Two-factor authentication adds a second level of authentication to an account log-in. When you have to enter only your username and one password, that's considered a single-factor authentication. 2FA requires the user to have two out of three types of credentials before being able to access an account.
You should protect any online accounts where your payment information, reward points, personal identifiable information, money, investments, crypto currency, credentials, medical records, payment card, need to be best protected. These online accounts can include your: Banking, Finance, Investment, Utility, Subscription, Government, Health, Retail Shopping, Social Media, and Technology Accounts.
How does 2-Factor Authentication work?
When you have two-factor authentication activated, you need two pieces of information to get into your account:
- Something you know - Password, PIN, or Pattern.
- Something you have - Smartphone, ATM card, ID Card, App, Security Token FOB, etc..
- Something you are - Fingerprint, Facial Recognition, Voice, Behavior, etc.
Why is two-factor so effective? It’s pretty easy for bad guys to guess weak passwords — especially with all the personal information available today via social media. But hackers will have a heck of a time obtaining that something you have — such as the hardware or software security token or mobile phone you’ve authorized for verification texts. You need to have that mobile phone or token in hand to get the information you need to access your account.
EXPERT TIP - Use one form of two-factor for logging in, and a second, different two-factor combo for recovery.
Types of 2-Factor Authentication
SMS Texts - This is the method where you're required to enter your password and then a one-time code that gets texted to your phone number.
Pros:
- You don't need an expensive smartphone to receive texts.
- Code sent to you in the form of a robocall to have the numbers read aloud.
Cons:
- If your smartphone batteries die, you can't receive texts.
- If you’re traveling overseas or don't get service, you can't receive texts.
- To receive 2-factors texts, you have to provide your phone number to the company that issues them.
- This method is less secure than the others:
- Scammers can use phishing scams to try and steal passcodes.
- Fraudsters may trick you into entering a code into fake websites.
- Criminals can clone your phone number. That is known as "porting". Porting is when a criminal intercepts the text code by taking your existing cell-phone number and transferring it to a different fake account.
Phones and Phone Apps - Apps allow your smartphone to act as a security key.
If you choose to use a mobile app, such as Google Authenticator, you must scan a QR code presented by the site you wish to visit into the app. Once you do that, the app will continually generate the numerical codes required for log-in. You also have the option to print out an image of the QR code for safekeeping. If you lose your phone, you just scan the code into a new one.
- Google Authenticator is available for Android and iOS phones, but you need to have a Google account to set it up.
- Other popular 2-Factor Authentication Apps include: Microsoft Authenticator, Authy by Twilio, Symantec VIP, and Duo Mobile.
Pros:
- Because the App key is stored on your phone, you can use this method even if the device isn’t connected to a network.
- If by chance someone manages to steal your phone number, they would still need your phone to retrieve the App key.
- It is less susceptible to phishing, because it doesn't rely on a passcode.
- You can get push notifications through the app.
Notifications without an App - Instead of installing an app, you can also set up a push-based system.
- Google Prompt which sends notifications to all the phones signed into your Google account when a new log-in is detected. The notifications include location information for the log-in attempt. You then have the choice of approving or denying the attempt. Google prompts prevents account hacking by sending notifications securely to only your signed in devices.
- Apple has adopted a similar approach for its products.