Why Bother with Two Factor, and What the Heck is it Anyway?
Simply put, it’s a way to secure something important to you with both something you know, and something you have.
Believe it or not, a simple login and password is not enough to secure what’s important to you today. So, why bother with it? In many cases, most websites provide “security” to your account by requiring a username and password – the problem is, anyone who has your username and password can log in with it. Worse, if someone gets a hold of your username and password, they might not use it right away, so you might end up finding out the hard way weeks or months later that your account was compromised.
Your Login and Password are not Enough
Let’s presume that someone does get a hold of your login and password to an important website or service and logs in. You’re out of luck, right? Well, maybe not, IF you have Two Factor Authentication enabled.
Two Factor Authentication requires a second form of verification when logging in, AFTER the initial login and password are successfully validated. So, after you log in successfully and your login and password are accepted, how do you authenticate with the “second factor”?
Two Factor Authentication Options
Option 1: SMS. One of the most common methods for providing Two Factor Authentication is SMS, or text message. In this case, a mobile phone number is on file with your account and when you log in, a text message is sent to that number with a code which is required to continue to log in. This ensures that only someone who has access to receive that SMS message after logging in is able to connect.
Option 2: Authenticator App. A slightly more secure way to provide the second factor authentication component is with an authenticator application. In short, this works by using an app (on your phone, for example) to scan in a QR code and link up the application on your phone with the authentication system on the server/website you’re trying to log into. In this case, the app is basically “in sync” with the server so whenever you’re prompted to use the authenticator app to provide the secure code (the second authentication factor), the number/code generated on the server is the same as the number/code generated on the application. Typically, this code is time-bound with a short expiration time, like 30 seconds, so if it’s not used in time to log in, you’ll need to wait for the app to generate a new code. One popular authenticator app is the LastPass Authenticator, though there are many others.
Option 3: Phone Call. Some websites will allow for a phone call to a pre-approved number on file to provide the authentication code. This is a reliable way to authenticate, but it’s a very popular option on most websites.
In Conclusion – Protecting Yourself
Always use Two Factor Authentication if it’s made available! An authenticator app will help you keep organized and also provide the security of a second factor in a relatively convenient way. Security and convenience are generally at two ends of the same tug rope, but this is an easy way to get both. Oh, and one last thing – after you enable 2FA, if you get texted in the middle of the night with a code while you’re sleeping, know you’ve made the right call and you’re safer for it (but still check the audit logs anyway!).