Two-factor authentication for beginners

Databases will always get hacked. Passwords will sometimes get into the wrong hands. You should, therefore, make sure to have a system that reduces the damage a leaked password can create. Two-factor authentication is a way to decrease the risk related to living life online.

I’ve realised that few people working with the internet and its services as primary business tools know about this technology. Even fewer people use it. That is why you are now reading this blog post…

How does two-factor authentication work?

Two-factor authentication adds an extra layer of security on top of your username and password combination. It makes it harder for a hacker to get access to your account even if they know (or break) your password. For someone to get access to your account they need either your phone or some other “key” to log in. The service uses the phone or key to verify that the person logging in is the legitimate owner of the account.

When you log in to an account it will ask for a code you get from an app on your phone, or through a text message. Some prefer to add a USB-key with a button that you press to authenticate the login. There are multiple solutions and you should pick what feels easiest for you.

These are actually the same solutions that many banks use. They give you a physical card with codes, or a small digital device providing you with codes when you press some numbers. You need your login details and your specific code to use your bank online or through the phone. This is to make sure the bank knows that you are you.

When should you use two-factor authentication?

You should basically activate two-factor authentication, 2FA, for every service where it’s possible. To find out if a service offers two-factor authentication you can use a service called Two Factor Auth (2FA). It lists most online services and links to the set-up documentation for each one of them.

You should activate two-factor authentication for at least: E-mail, Facebook, Twitter, Dropbox. All places where you have sensitive personal information, such as your bank and health-related accounts, should have 2FA activated and everything work-related should also have maximum security. When it comes to work accounts, the damage would be large, not just for you, but also for your employer.

But it’s such a hassle…

The hassle of setting up two-factor authentication is worth it. Just compare it to the trouble you will have to go through if someone finds their way into your accounts. Sometimes it’s hard just to take down a hacked social media account. And if someone has access to your email they can easily reset other passwords, creating even more damage.

I was once able to prevent a login attempt from somewhere in Asia because I had two-factor authentication. Someone knew my password and I got an e-mail about the login attempt but since they didn’t have my phone they couldn’t access the account. Instead, I could log in and change my password, keeping them out of my account.

Anything else?

Well, while we’re at it: You should also use a password manager, like 1Password, to make sure all your passwords are secure, i.e. long, complicated and used only for one account. It’s a pain to move into a password manager and change all your passwords, but you should do it TODAY. It further reduces the risk of some stranger getting access to your account.