The 411 on 2FA
Visualize the following morning sequence. While enjoying your first cup of coffee, you catch up on yesterday’s news and events by logging into your Facebook and Twitter accounts, various news sites, and your email accounts. Once the coffee kicks in, you realize that several bills are due today, so you log into one or more utility accounts, credit card accounts, or other retail accounts. During your drive to work, you access your Pandora, Spotify, or other music streaming account, and you arrive at your desk and log into your computer, cloud accounts, databases, and other domains. It’s not even 10am and you’ve logged into over a dozen different online accounts! Now consider how many times you enter your username and password into various online accounts every single day.
The convenience of digital accounts is unquestionable. However, with the growing number of websites with whom we share our personal information, it is vital to take extra caution in keeping your personal information safe from hackers and phishers. While it may be obvious to take extra precaution for your banking and finance accounts, many are surprised to learn that sophisticated hackers can take over your entire digital life by simply gaining access to your email account.
So what can you do to help keep your information safe? One way to drastically reduce the risk of online identity theft is by using two factor authentication, also referred to as 2FA or two-step verification. With two factor authentication, a user is required to enter two means of identification to access an online account. Simply shown in the image below, two factor authentication asks you to provide something you know (i.e. your password) plus something you have (i.e. a mobile phone or encryption card/fob) as a means of ensuring you are authorized to access the personal information.
Let’s explore this further. When you enter your password into a website, you are using one single factor to access an account. With two factor authentication, however, a second identification code is provided to you via text message, phone call, or email, or accessed using a physical card or fob. As a result, a hacker trying to access an account set-up with two factor authentication would need to have your cell phone or physical card in addition to the password in order to successfully access your account. Before you worry that this second factor will cause you too much inconvenience, know that you are only required to enter the second factor when accessing your accounts from a device that you have not previously used.
The best place to start with two factor authentication is with your email accounts. Nearly every major email provider supports two factor authentication. Here you can find instructions to protect your Gmail, Outlook, and Yahoo accounts. If you are interested in learning more about other websites that support two factor authentication, we encourage you to check out TwoFactoryAuth.org for a comprehensive list of sites that do and do not support extra protection measures and instructions for setting up two factor authentication where applicable.
The time it takes to set-up two factor authentication is minimal but the impact it can have on protecting your accounts is significant. If you have any questions about two factor authentication or protecting your digital accounts, please do not hesitate to reach out to us.