What is two-factor authentication?
- February 21, 2019
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Ask Archer, Cyber Crime, Cyberattack, Hacking, Home Security, Mobile Devices, Posts with image, Smart Devices
What is 2FA, or two-factor authentication?
Hint: you probably use one-factor authentication every day!
What is 2FA?
Let’s say you need to get into one of your social media accounts.
You type in your password.
That is one-factor authentication, where you use one factor , your password, to prove that you are you.
But it’s better to use two factors, like your password — and something else.
That second factor could be a special key — like a USB stick — that you plug into your computer.
It could be a code your social media platform sends you on your phone.
You then type the code in and get to your account.
Or it could be something else, like your fingerprint or your face scan.
Why It’s Better
If you use a second factor, the bad guys can’t just steal your password and get into your account.
They would need something more, like your key, phone or fingerprint.
Two-factor authentication isn’t perfect, however.
Reports show attackers can sometimes get in, even if you have 2FA.
But security experts say 2FA makes it harder for them.
If you use the same password on many accounts, cyber crooks can break into one account and then use your password to get into many more of your accounts.
Same Idea, Different Name
You may see other names for 2FA.
Sometimes people call it multi-factor authentication or two-step verification.
Some companies come up with their own phrases, like Security Key (PayPal) or SafePass (Bank of America).
Check to see if your accounts have two-factor authentication.
One of the easiest options is to have the company — Twitter, Instagram, Facebook, etc. — send you a text message with a special code.
You go to sign onto your account as usual.
The company then sends you a text message with three to six numbers.
You enter that code into your account and continue signing on.
You’ll want to have your phone with you so you can access your account.
In some cases, you can choose to have your account send you a code only when you’re signing on from a computer you don’t normally use.
It adds an extra step, which some people view as inconvenient.
But that extra step can keep attackers out.
On Alert: Nest
In focus right now is the Nest system, which allows you to check your home security cameras from your phone.
If you have the Nest app, you can sign up for 2FA to make it harder for cyber crooks to get into the account.
Make sure you have the latest version of the app, or you may not be able to get back in after setting up 2FA, Nest says.
- Go to the Nest app home screen & tap Settings.
- Select Account, then Manage account.
- Tap Account security.
- Select 2-step verification
- Tap the switch to toggle 2-step verification On.
- Follow the prompts to enter your password, phone number & the unique verification code sent to your phone.
It’s a good idea to read the company’s instructions for setting up two-factor authentication as well.
Sometimes they include helpful details that make sign-up easier.
We have instructions below for some popular platforms, and you can also do a quick search online to find instructions for others.
Twitter offers instructions for setting up 2FA via your iPhone, Android phone, or computer.
For example, on your iPhone:
- Go to Settings and privacy
- Then Account
- Then Security
- Turn on Login verification
- Read instructions & tap Start
- Put in your password & tap Verify
- Twitter will send a verification code to your phone. Enter the code & tap Submit
You can set up 2FA on Facebook as well:
- Click on the upside-down triangle in the upper right-hand corner of your Facebook page.
- Click on Settings.
- Click on Security and Login.
- Go down to Use two-factor authentication and click Edit.
- Choose the authentication method you want to add & follow the on-screen instructions.
- Click Enable.
For Instagram, follow these steps:
- Go to your profile and tap the icon with three lines.
- Tap Settings.
- Tap Privacy & Security.
- Tap Two-Factor Authentication.
- Tap next to Text Message.
- If your account doesn’t have a confirmed phone number, you’ll be asked to enter one. After entering the phone number, tap iPhone or Android.
Google explains how to set up two-factor authentication on your account:
- Sign in to your Google Account.
- On the left side panel, click Security.
- On the Signing in to Google panel, click 2-Step Verification.
- Click Get started.
- Follow the steps on the screen.
- Choose a verification step. For example, you can have Google send a code to your phone which you then type in to get into your account.
For Microsoft, follow these steps:
- Go to the Security basics page & sign in with your Microsoft account.
- Select More security options.
- Under Two-step verification, choose Set up two-step verification.
- Follow the instructions.
Amazon provides these instructions:
- Go to Advanced Security Settings.
- Click Get Started to set-up Two-Step Verification.
- Add your primary phone number (this phone must be able to receive SMS messages) or download and configure an authenticator app and click Send code.
- Enter the code that was sent to your phone number or generated through the authenticator app and click Verify code and continue.
- Do either of the following: Add a back-up phone number and decide on delivery format (text message or voice call) or download and configure an authenticator app so you can generate security codes when you’re unable to receive messages to your device.
- You won’t be able to turn on Two-Step Verification without adding a back-up phone number . This is so that you have a back-up option to receive a security code if you no longer have access to your primary mobile device.
Main image: Phone & lock. Credit: Archer News