A username and password are a staple in the digital world. We’re all familiar with them and have been using them to log into our various accounts since computers and the internet became an integral part of our lives. This combination of a username and password has been the primary method of authentication, giving us access to our accounts, and ideally, keeping others out of them.
We all know how passwords are supposed to work. They don’t cost anything and they’re used to get us into an account on any platform. There’s no compromise of privacy when using a password and we are familiar with how easy it is to change if we need to do so. Yes, even if we find it difficult to think of a new password to use that isn’t our first-born’s name or the birthday of a loved one. Note: you really shouldn’t set passwords like this since they’re just too easy to guess by anyone who knows information about you. That being said, the two most common passwords of 2017 were “123456” and “password”. However, since passwords are probably the best way to keep your accounts safe, there’s a way to use your password with an increased security feature that provides your accounts and personal information with even more security.
What Is Two-Factor Authentication?
Cyber threats like data breaches, identity theft, phishing scams, etc. have become a plague to our digital world today. These threats spill over into the “real world” and we’ve reached a point where simply using a strong password to protect you and your digital safety is no longer enough.
Enter two-factor authentication. To keep it simple, two-factor authentication (2FA) is a second layer of defense for your online accounts. You may also see the term multi factor authentication (MFA), under which 2FA falls.
You’ve probably encountered two-factor authentication before and perhaps haven’t realized it. For example, if you’ve had to log in to your Gmail account, two-factor authentication would’ve come into play. When logging in, you would have received a six-digit verification code sent to your phone via text message or SMS. After entering your password, you’d enter this above mentioned verification code which acts like a second form of ID – or authentication.
Two-factor authentication is quickly becoming an essential part of online safety. Even if you’ve got a strong password strategy, like using a password manager, two-factor authentication is one of the strongest methods of ramping up your online security. You benefit from an extra layer of security which is usually in the form of an SMS or text message, as mentioned, or you can use biometrics.
One of the primary reasons for 2FA or MFA is that while the username and password strategy is a default, it’s not infallible. Data breaches and phishing attacks can compromise this information, allowing cybercriminals access to your accounts if they’ve got these two pieces of sensitive information. For many accounts, two-factor authentication is not the default security setting, so you have to remember to enable it if you’re looking for that added layer of security with which to bolster your accounts.
SMS Text Verification
Many of us are aware of this method of 2FA already. As we’ve mentioned, after typing in your username and password, you receive a verification code via SMS or text message on your cell phone. This time, we haven’t mentioned the word “smartphone” since one of the benefits of the text verification method is that you just need a basic cell phone that can receive texts. In some cases, these verification codes can be sent to you via robocall, too.
However, this method has its downfalls, too. If you’re travelling abroad and can’t receive text messages on the number tied to your account’s 2FA, this could prevent you from receiving the verification code. Also, giving your phone number over to data platforms can result in you being spammed with sales calls or texts, which is a real pain. There are some who believe that this method is less reliable than others since many hackers are able to gain your passcode through phishing scams or by cloning your phone number – otherwise known as porting. Ensure that you verify any calls or texts from suspicious numbers on Nuwber if you feel that something’s amiss.
By using an authenticator app, your smartphone becomes your security key. Apps like Google Authenticator have become common for 2FA logins. When logging into a site using an authenticator app as the second layer of security, the platform presents you with a QR code. Scan the QR code with the app and the app then generates the numerical codes necessary to log in.
This method is great since hackers who may have managed to clone your phone number cannot retrieve the key – unless they have physical access to your phone itself. On the other hand, using an authenticator app and the QR method can be problematic if you lose your phone or if your battery is dead.
Using Physical Security Keys
For many of us, using a physical security key for two-factor authentication is not really that common. However, for those who work at data-driven tech companies, cybersecurity companies, and the like, this method tends to be preferred. This is not the only case, though, as some banks offer their clients physical security keys as an extra layer of security when logging into their accounts.
It’s something reminiscent of a blockbuster spy thriller. You don’t enter a code that you received via SMS to log in to your platform. You insert a physical key into your computer or device to authenticate your login. This is possibly one of the most secure forms of 2FA, and Google backs it up. According to the tech giant, not one of the company’s employees has had their work accounts phished since Google used this method of 2FA back in 2017.