Time and time again we are surprised on just how many people have had their account logins for various websites compromised. Internet security becomes more and more important every day as the internet is constantly growing with many services and stores being brought online.
So what is Two-Factor Authentication?
Two-factor authentication, also known as multiple-step verification, is a process that is setup to double check your identity when logging into a website/service.
How does Two-Factor Authentication work?
When you sign into your account, you normally input a username and password and click the button to confirm. Then you are usually ready to go about your normal business. With two-step verification enabled on your account, you are adding a second layer of verification of your identity. This second step for logging in is usually confirmed by sending you a code to your email or mobile device, and request that you input that code on the website to finish the login process.
So, how does this make my account more secure?
Let’s say that an attacker has managed to get your username and password. Normally, at this point they would be able to just log in and wreak whatever havoc they are planning. With two-step authentication enabled, they now need an additional code to be able to get in. Stealing this additional code is much more difficult and usually requires that the attacker gain access to your email or have your mobile phone to get into your account.
Do I really need to take the time to setup Two-Factor Authentication?
You might think your password is strong and nobody could ever guess it. Attackers have sophisticated ways of stealing and/or cracking passwords. Passwords themselves are not enough to keep your account secure anymore. Our lives are intertwined with services and goods that are manipulated constantly through networks attached to the web.
Ask yourself this, “how many places do I use the same pin or password on?” The average person uses the same password everywhere. You may come up with a strong password, but if you are using it for all of your logins, then an attacker only has to gain access to one password to have everything in your life connected to the web.
Security questions can provide a small additional measure, but these answers can easily be guessed or socially engineered.
So what do I need to do to protect myself?
Once you get started using two-step authentication it will become second nature to you. We honestly believe that you should enable two-step authentication everywhere, but at least it should be enabled anywhere that you have pertinent information such as credit card information, or any other personally important data. This means you should be using this measure on social networks like Facebook and Twitter too.
There are multiple options for setting up two-factor but one of these options is much stronger than the rest. The best option to protect yourself is to download an app such as Google Authenticator or Authy. Our personal favorite is Authy, as Google Authenticator currently still can’t be transferred to a new phone if you lose your phone or upgrade to a new device.
Setting up Authy is simple. Once you download the app on your phone you will input a password that will attach your number to an account. You can also setup a PIN like you use at the ATM so if your phone were to be lost, the pin would be required to open the app.
Once you have Authy, or any mobile authenticator of your choice setup on your device, you can then begin using it on any website that supports it. You usually can find the security setup in your profile settings on the website of your choice. The website will show you a custom QR code, of which you will use the app on your device to scan and add it to your database.
The app itself receives codes that change every 30 seconds and when you login to a website that you have enabled two-step on, it will prompt you for the current code.
Using an app like Authy is the best way you can protect yourself. Email and text based two-step authentication are still very vulnerable in terms of interception. The mobile apps provide the most secure way to receive your one time login codes, and are very easy to use once you get started. Online security is becoming more important by the day, and you should step up your game before it is too late. It is surprising the amount of people who don’t take security seriously, when the time it takes to setup additional protection can be so simple. You will be thanking yourself later by starting now!