Two-Factor Authentication: Don’t go online without it!

Chances are that you have been prompted to use two factor authentication. Maybe a text message or a phone call with a 6 digit code, possibly by your bank or some other online account. Chances are that you are annoyed that it was enabled automatically and you had no choice in the matter. Maybe one of your accounts has been compromised and you are worried that it can happen again. Or, you’ve been reading this paragraph totally confused about all of the fuss over this fancy two-factor stuff. 

No matter what, Two-factor authentication comes to the rescue!

Two-factor authentication is a relatively new method of confirming your identity. We are all used to a username and password, but both of these are subject to attack. We give out our email addresses several times per day, and passwords are (unwisely) reused across different sites. If a site where either piece of info is stored is compromised, attackers have the ability to take over all of your online accounts. 

Sidenote- if you are using the same password across several sites, you are setting yourself up for attack. A general suggestion for creating passwords: randomness is the best defense. Make sure you are not using sequential characters or numbers. Using frequently-used words is also not advisable. To make passwords easier to remember yet secure, you can replace letters with numbers or syllables. For example, instead of Kitten123, you could use K1tt3n2$

Two-factor authentication requires something you know (your password) as well as something you have (a security code or push notification). The most common way to receive a security code is via email or phone. However, some services such as Google or Facebook may deliver the code via a menu in their respective app. Either way, an attacker would need to obtain your password as well as the second factor in order to compromise your account..   

While two-factor authentication is by no means invulnerable, it will significantly slow down attackers if they do obtain your password. If you enter your password on a nefarious site by mistake, your account will still be protected. 

Enabling two-factor authentication is usually an easy process. In the settings of a given app, there should be a security section, with an option to enable two-factor authentication. Google and most banks are automatically forcing two-factor authentication, so it might already be enabled for your accounts. If you can’t find this, use Google to search for the name of the app and the words two-factor authentication. Be careful to only click on results that show the domain of the app you are looking for. 

Two-factor authentication might be a minor inconvenience, but it will help you to secure your accounts and prevent attacks. If we all use two-factor authentication, attackers will have less success and will hopefully give up their nefarious ways!

© 2022 Matt Green