It’s more important than ever to make sure all your important online accounts are as secure as they can be. And one of the most effective steps you can take to secure those accounts is through two factor authentication.
Crooks have a variety of scams up their sleeves designed to tricking you into parting with your password, including phishing attacks, brute force attacks, targeted spear phishing scams or malware infections. And even if you don’t fall for any of those scams, companies are forever suffering data breaches that result in passwords being leaked online.
This means securing your account with a mere password is rarely enough. These days, we need an extra layer of security that means a cyber-crook needs something else other than the password. Something only the owner of the account will have. Two factor authentication (2FA) or multi-factor authentication (MFA).
2FA simple refers to having to authorise a login attempt in two different ways instead of only one. For most online accounts, one of these authorisation methods will still be the traditional password you enter on a login screen. The second method can vary depending on what methods a website can support, but can include SMS login codes, push notifications on a secondary device or a code generated by an authenticator app.
But all of the above have one thing in common – the user has to do something extra than just type in their password to login to their account. And the good thing is that users don’t need to do this every time they login. Once they login successfully from a device, that device will become a trusted device, and that extra step is no longer needed. It’s only needed when logging in from an unknown device (i.e. the device a cyber-crook will use) that the extra step is required.
What 2FA options are there?
There are lots of different options, and can be categorised into something we know (a password,) something we have (an ID card or USB key,) or something we are (biometric data such as a thumbprint.) So for example, if your smartphone requires both a password and pressing your thumbprint on the sensor to access it, that’s 2FA.
But for most online accounts, like Facebook, Google and PayPal, the most common options are…
– SMS, where a PIN code is sent to your registered phone number which you need to enter along with your password when logging in.
– Push notifications, where a notification appears on a secondary device which you are already logged into asking you to accept or deny a login request.
– Authenticator App, which is an app on your phone which generates a code for you to enter along with your password when logging in.
Sites like Facebook and Google support many of these methods, but other sites may only support, for example, the SMS option.
But it’s essential to check out the options in the settings of your important online accounts and enable it. This way, even if crooks grab your password from you (or someone else) it doesn’t provide them access to your online accounts. 2FA is one of the strongest levels of security you can place on your account, and something we strongly recommend doing.