Home » The official Family Tech blog » How To » What is 2FA or Multi-Factor Authentication?

What is 2FA or Multi-Factor Authentication?


With all the latest buzz about smart home devices being hacked, enabling 2FA for your accounts is becoming more important than ever. Businesses have been using 2FA to help keep their critical company data safe and secure. Now even consumers are seeing benefits of enabling extra security.

What is 2FA?

2FA or 2 Factor Authentication is also referred to as Multi-Factor Authentication. It means that in order to access your account you need something you know (usually a password) AND something you have (typically your fingerprint, your face, your phone, etc).

For example, when you log into your PayPal account after you enter your password it will require you to enter a code from your phone.

Why is 2FA more secure?

Utilizing 2FA gives you an extra layer of security for your account to prevent hackers from trying to break in and steal your information, or spread malware. It makes sure that you really are who you say you are by asking you for the thing you know and the thing you have in your possession.

With 2FA enabled, if you receive a phishing email and you fall for it, you just handed your username and password over to a malicious person. However, that person will still be unable to access your account because they won’t have access to the second layer of authentication.

Another possible way a bad actor could gain access to your login information is through a security breach of a company you also have an account with. Your username and password are compromised in an unrelated attack. If you use the same credentials elsewhere, you could be opening yourself up to attack without even being aware that your login info is out there.

If you are using 2FA you will not only be alerted to the unauthorized access so you can change your password, but the attacker won’t be able to complete the login to your account.

How can I enable 2FA?

Unfortunately not every online service has the capability to enable 2FA. Many of the most critical services do though. Most banking sites offer it, Google definitely offers it, social sites like Facebook and Instagram offer it, and many many more. You just need to ask yourself which sites are the most important to you to protect.

Once you figure out a list of sites and services you use that are critical to you, you can start looking in those services for ways to enable the security. Most services will have the feature available in the “settings” and then “Security and/or Privacy”

When you enable it, the service might ask you to set up the second factor using an authentication app. The authentication app is something you would download on your phone. The website or service will display a QR code that you will need to scan with your authentication app. Once the code is scanned in, it will ask you to enter the code that the app displays for that service.

After you enter the code it should be good to go for you to login in the future.

What authentication app are there?

The main 4 authenticator apps are Duo, Google Authenticator, Authy and Microsoft Authenticator. There are a few others including one included inside LastPass and 1password. I actually use 2 different ones. I use Duo for all of my business 2FA codes, and Google Authenticator for my personal codes.

The main reason I use Duo is that almost everything I use at my job requires 2FA. Duo allows some applications to push a notification that I can just click on to allow the app. Google also gives me push notifications when trying to access Google accounts, even though they aren’t set up in the authenticator app.

Google Authenticator is a great universal app and built from Google, it’s likely not going anywhere anytime soon. I have also heard great things about Authy, but I haven’t used that one personally yet. While I do use one of the password applications for my passwords, I prefer to keep my authenticator separate. Just in case someone hacks into that account, they won’t have both keys to the kingdom.

What if I get a new phone?

The one really big problem with 2FA is, what if my phone gets lost/destroyed/etc and I no longer have the ability to access my account because I no longer have the “thing I have”. Authy and Duo both have the ability to back up your codes to an online account like Google or iCloud. I would perform regular backups so you can restore them easily.

If you getting a new phone, and you don’t have backup capabilities in your authentication app, make sure to disable the 2FA setting before you reset, wipe, or turn in your old phone. You will have to re-setup your 2FA after you get your new device.

So, yes, 2FA is a pain. Yes, it’s a few extra steps when you try to log in. Will you ever be sorry you enabled it? Probably. However, the first time someone tries to access your account, or you fall for a really good phishing scheme, you will be SO happy you have it enabled!


This post may contain affiliate links, which means I receive compensation if you make a purchase using the links.

Comments

comments

Add Comment

Click here to post a comment