In partnership with Breezeline
Author Cate Garrett
Early in the morning, you finally managed to get your coffee before going to your computer to check your email. Most mornings, when that first pop-up appears after logging in, you simply close it without even bothering to read it first. But this morning is different - this morning, you have coffee.
You decide to read the pop-up. The pop-up is asking you to enable two factor authentication on your email account. There is a deadline to enable the two-factor authentication. If this is not completed, the two-factor authentication will be turned on automatically. Information that you have on file in your account settings will be used for setting up the TFA.
You find yourself wondering, "What is two-factor authentication?" and "What information is on my account?” You do not think you have updated your account since you first created it. With the realization that you could lose access to your email account, you decide to finally investigate this matter. To understand it fully before activating the services yourself.
What is Two Factor Authentication?
Two-factor authentication requires a second step. Providing something you have (a verification code generated in an authenticator or sent via email or text). This adds another layer of protection to your accounts. This is different from the username and password combination which is something you know.
Username and password combinations are easy to crack. This is also something an attacker can guess or use OSINT (Open-Source Intelligence) techniques an2 password cracking software to find.
For better or worse, the username and password haven’t gone out of style. For this reason, use passwords that are long, complex, and kept hidden from view.
Something you have
Identifying yourself with something you have can be simpler and more secure than authenticating with something you know. Authenticating yourself this way does not require you to remember anything specific, but also gives you a quick and straightforward way to access your accounts online. You do need something in your possession that can receive an authentication code.
Examples of something you have include methods to receive a verification code. This can be through email (not great if your email has been compromised), text or access to a third-party authenticator. A third-party authenticator, such as Google authenticator, Microsoft authenticator, Duo authenticator or Blizzard authenticator, provides revolving numerical access codes which the user can input to verify their identity online.
For example, Google authenticator is an app on your phone that has revolving codes set to a 15 second timer. You must input those codes in addition to your username and password. Now you have two ways to verify your login – something you know and something you have, i.e., your phone.
Setting up new accounts with an authenticator app is quite simple, and the user can utilize one single authenticator app for multiple online accounts. This creates a level of simplicity for the user, and they can still secure their accounts without needing to remember security questions or other details.
No matter how much you trust someone, do not share your device pin, pattern, or password with anyone. It is also recommended not to leave the app open on your devices after use.
Benefitting from TFA
Two-factor authentication adds an additional layer of protection to secure access to data. It is highly recommended for sensitive data like financial or healthcare records. It is also recommended for any online accounts that you want to protect.
When deciding whether you should activate two factor authentication on an account, task yourself: “If someone gained access to my account and locked me out, how would it affect me?”
For example:
Recently, there has been a slew of Instagram accounts that have been “hacked.” People are losing access to their accounts. The attackers are using those accounts to phish and defraud contacts of those accounts. Their contacts may not know that the Instagram account is hacked and may share personal information or click malicious links in DMs. This, in turn, may cause those people to lose access to their accounts or worse.
Although the extra step may be inconvenient, it is too easy to compromise username and password combinations. Use TFA to improve your personal cybersecurity and protect yourself, your family, and friends.