After setting up a strong password or passphrase, an easy step to further secure your online accounts is enabling Two-Factor Authentication, or 2FA for short. You might also have come across the acronym MFA, which stands for Multi-Factor Authentication.
What is 2FA or MFA?
As the name suggests, it is an additional factor for authenticating. In other words, when you enter your password, further information is needed. It can be a code received via SMS, a software token, like Google Authenticator, a fingerprint reader on your phone or laptop, face recognition, and so on.
The most common example is the credit or debit card you use with “chip and PIN” devices. The PIN is basically a simple password, and the chip on the card not only identifies your bank account, but also proves your ownership and presence. The difference between 2FA and MFA is that with the latter you have more than one added security layer along with your password. Lately another term, U2F, has been getting more popular. It stands for Universal 2nd Factor and uses a USB or NFC device for strong and simple 2FA.
Keep in mind that to be a real 2FA, the required methods must be different. These can be a combination of the following:
- something you know
- something you have
- something you are
- somewhere you are
So, for example, if my online bank asks for my password and then three random characters from a passphrase, it’s not true 2FA. Why? Because both of these fall into the category of something I know.
How does it work?
Better security sometimes comes with a bit more inconvenience. Think of it as needing both a regular key and a keypad code to open a door. Sure, it will take you a few seconds more to open the door, but even if a burglar picks the lock, they don’t know the code for the keypad. Similarly, with 2FA, when you log in to your account it will take a few seconds more to approve the login request on your phone, enter a one-time code that you received via email or SMS, or present your fingerprint.
Why do you need it?
There is a chance that bad actors can get your password. If you have 2FA set up, even if your password is stolen, there is a second line of defense: the second factor. While companies generally can be trusted to keep your data safe, new vulnerabilities are discovered every day, and don’t forget about human error. Hacking, exploits, stolen credentials, disgruntled employees, and misconfiguration can all lead to data breaches. If the databases are not encrypted properly, passwords could be decoded and harvested. When you are using the same password for multiple accounts, you can lose all of them forever. Bad guys will not only sell your data, but might also use it for fraudulent actions.
Can you get it?
To see whether a company supports 2FA for your account, search this website: https://twofactorauth.org/
If it does, we strongly suggest setting it up.