Two-Factor Authentication (2FA) is a necessity to ensure your daily security, no matter who you are. It can protect your social media accounts, banking accounts, email, or just about any other online service from being hacked. “How?” you ask. Well, let’s take a closer look at how it works and how to get it working fast. To keep your online identity as secure as possible, read on. How do you enable 2FA?
Two-Factor Authentication
I have come across three types of people in my life.
- One: Who park their cars at roadside parking, but keep the keys safely inside the house.
- Two: Who park in their lockup garage.
- Three: Who have installed advanced anti-theft systems for their garage.
In the cybersecurity world, the first type of people are the ones with single-factor authentication. They are happy with a username and password to keep their data safe, just like keeping their keys securely inside their house. The second type of people probably have a more valuable car and want an extra layer of security by parking inside a locked garage. This is two-factor authentication, where a username and password are accompanied by a secret question or a code on your phone. The third type treat their cars as a precious possession and add multiple layers of security. For them, their data holds the highest importance and requires a combination of measures, called multi-factor authentication, to keep it safe.
What is 2FA?
Two-Factor Authentication (2FA) is a process of combining two safeguarding methods to reinforce the authenticity of a user. This usually includes a password for your login and a trusted device for secondary input (like your mobile).
Why do I need 2FA?
Adding 2FA makes it more difficult for a hacker or an unauthorised person to break into your online accounts. If your password is easy enough for someone to guess (like Password1), then adding one more step will make the account harder to break into. It also helps a service provider to reinstate trust and ensure nobody is trying to impersonate you.
Where can I use 2FA?
2FA is used where the value of information is high and susceptible to theft. 2FA is commonly used for:
- Internet banking transactions – online payments, managing payees, investments
- Online modification of personal data on official records
- Changing privacy settings on websites
How can I configure 2FA?
The first step to configure two-factor authentication almost always involves setting a username and password to establish initial authentication into the application.
The second step involves generating an on-demand code using one of the following methods:
Mobile phone
This is a widely accepted choice because every person carries a mobile phone (rare exceptions possible). Mobile phones can be used to receive a one-time password (OTP) through SMS, to enter a pre-defined pattern configured on the registered phone, or for biometric recognition (like face or fingerprint). Some newer applications have started experimenting with voice recognition. A prerequisite for using mobile phones for 2FA is that the mobile number must be registered with the application in advance.
Email
A registered email ID is used to send a one-time password or a secret link, which can be used to reaffirm a user’s actions. This method requires easy access to email, since the OTP / link expires after a limited time.
Physical Device
A physical device, like a security token or RFID tag, is used to generate random temporary access codes which can be read by tag readers and then authenticate the user.
Security Questions
Some applications allow you to set up a set of personalised security question(s). You may choose from predefined questions or add your own unique questions. The key is to make the answer as personal and private as possible. Something like “Name of my first crush?” or “Place where I was born?” or even “Number of puppies my dog had?”. (You may get as creative as possible!).
Authenticator Apps
Authenticator apps can be installed on your mobile phone to generate codes. Your application (say Facebook, Twitter, etc) can be linked to the Authenticator app by scanning a QR code or entering an alphanumeric code. These codes can be used for two-step authentication whenever a login is attempted from a new device.
Usually applications allow users to choose from a combination of two or more of the above methods to configure 2FA. Once configured, every time you access the application, you will be prompted to authenticate using your username and password. Then, depending upon the action being taken within the application, the second step will be presented to the user to verify his/her identity.
A step-by-step guide to configure two-factor authentication for commonly used apps can be found here.
As they say, “the more the merrier”. A two-step authentication process provides a good shield against many attacks. But this can be taken a step further by configuring many levels of authentication. It’s obviously called Multi-Factor Authentication (MFA). While 2FA suffices for most everyday activities on social media and securing sensitive personal devices, MFA becomes a preferred choice for securing the most important assets.
Too many cooks make a more delicious broth here!
TL;DR
Two-Factor Authentication (also called TFA or 2FA) uses a two-step method to verify a user’s identity.
Step 1: Set up a username and password for the application/device (usually this is part of an initial registration).
Step 2: Configure your mobile number and/or your email address and/or a secret security question within your application settings. (Other methods explained below.) This lets the application send a unique one-time code / link, or use face / fingerprint recognition, to reconfirm the user’s authenticity.
A step-by-step guide to configure two-factor authentication for frequently used apps can be found at the ACSC website here.