More than just a safe word for online security, two-factor authentication, or 2FA, adds another level of protection to your online security. Technically just an added step, what makes 2FA better and different than a ‘two-step’ verification process is the combination of factors—something you know, something you are, and / or something you have.
While nothing is completely foolproof, this second layer makes it more difficult for someone to gain access to your online information. Adding a layer may seem like a headache, but consider this: there’s not much worse than having your accounts compromised, or more, your identity assumed by someone else. A bulletproof password (or as bulletproof as possible with at least 14 characters combining letters, symbols and numbers) is your first line of defense; combine it with a second factor for extra insurance.
So just what is 2FA and where should you use it?
Any online account, from your email server and social sites to your banking and credit sites can potentially be set up with these security measures. Google, Apple, Facebook, and Twitter all offer options for setting up 2FA; go to your account settings and look at the security section. That’s where you’ll find the options these sites offer.
Single-factor verification can be a multiple step process, too, but you’ll know it’s a single-factor if the login process is strictly information-based, such as your password, security questions, an image, or a PIN. While safer, your better bet is to add a second factor. It’s a good idea to use these options if they’re available, but don’t stop there. Using just one layer of security leaves your accounts more vulnerable to phishing and social engineering.
Examples of two-factor verification
Biometric recognition—when your computer recognizes your voice, face, iris, fingerprint, or even your keystrokes or typing speed—is an example of two-factor verification. Many hardware systems like laptops and tablets are already equipped with this option.
Tokens, such as key fobs, USB devices, and RFID or smart cards, can also add that extra layer. Once these are set up, it can be as simple as inserting your token into your device, entering your login information, and following the prompts from the device.
Smartphone apps have the capability to recognize your voice, your face, iris or fingerprint, or your location. Text message verification is a common way to authenticate identity, although this option is more vulnerable to attacks; what’s good about having text set up for your accounts is immediate notification if there’s a remote login—and it isn’t you. For those using Android devices, Google Authenticator can be set up so that once you enter your username and password, you receive a prompt to enter an automated six-digit number which changes every 30 seconds. This makes it less likely to be seen by an unauthorized user.
Remote access on unsecured networks is particularly vulnerable to password breaches, so if you typically work from a remote location, two-factor authentication helps protect you.
No matter how you choose to protect your online information, it’s always a good idea to make sure your physical environment is safe, too. Best practices include never writing down passwords or supplemental information, carefully storing any hardware or devices that allow your online access, and being mindful about what you discard and how. If you have two-factor set up, it’s unlikely that more than one factor would be affected.
Some workplaces or high-security locations may require multi-factor authentication, which would include at least three types of identification: a password, a physical item, as well as a bio or location metric.