What is Two Factor Authentication?
Author: Elaine Harrison-Neukirch
A best practice in Cybersecurity is asserting that there are layers of protection (defense in depth). This is critical not only in business but also for the home user. Adding multi-factor authentication to online accounts is one method of adding an additional security layer and making it more difficult for hackers to gain access to online accounts using stolen or guessed credentials (username and password).
Multi Factor Authentication is the process of using two or more authentication methods to prove an account owner’s identity. Currently, a username and password are required for account owners to log into their computer and online accounts like email, social media and banking.
The username is considered the account owner’s “identity”. The password is a single method of authentication (proving that the identity belongs to the account owner). The problem with using single factor authentication (just a password) is the ease with which the password can be obtained.
A common scenario: An account owner is notified that their username and password was included in a large amount of data that was stolen by hackers. The company advises all involved to change their passwords. The account owner either forgets to change the password, after being notified and/ or has used the same password on multiple accounts.
The person or group who possesses that login information is able to access and take over the account. If this were a banking account, the intruder could transfer money or change contact information to their own email/ phone number. This could be detrimental to the account owner.
Suppose the account owner is using a simple password like P@ssword123 or Winter 2020. There are many password cracking programs that can attempt to find your password by cycling through lists of known passwords and trying each, as well as variations. Hackers use these methods to guess the password. They can also guess the username or may have it from other information they have found from other data breaches. This information, in a hacker’s hands, leaves the account owner vulnerable to everything from stolen accounts to identity theft.
Turning on two-factor authentication (2FA) for online accounts adds that additional security layer. A hacker would need access to the account owner’s email or phone (in most cases) in order to complete the second authentication factor. I suggest setting up 2FA on email accounts first, if that is the chosen delivery method of the second authentication factor.
There are also authentication apps available for mobile devices. These apps are tied to the account’s two factor authentication settings and provide one-time use passcodes that are input on the login page when requested.
If you have concerns about the amount of time you will need to give up to setup MFA/2FA on all accounts that offer it or are concerned with longer login times, think about how long it will take to prove to a credit card company that you did not open an account.
Online account security tips:
Use a longer complex password (12 or more characters)
Do not use the same password on multiple accounts
Turn on MFA/2FA whenever possible
Do not share passwords
Assure computers have operating system updates installed weekly and are protected by an antivirus/antimalware application.
About the author: Elaine Harrison-Neukirch is a Network security Engineer and aspires to educate many people about Cyber Security and Cyber Hygiene.