Two-factor authentication: Do you already use two steps?
In email, Facebook, Ricardo etc. you log in in one step by entering a password. But what if your password is stolen? Enabling a second step doubles the security of your data.
Step 1: something you know
When you log into one of your accounts, you are asked to enter a password that only you know. Your password proves that it’s really you trying to access your profile, your pictures or your credit card account. That’s why your passwords should be strong and unique.
Step 2: something you have
Passwords can be stolen. Therefore, most service providers such as Facebook, Google or Instagram have introduced two-step authentication. The second step double-checks that it’s really you trying to access your account. It can involve a smart card, a card reader or, typically, an app: that is something only you have.
Information on the authenticator
How does it work?
It is actually quite simple: In addition to entering your password (something you know), you are asked for a code that you get on a second device (something you have), typically from an app (“authenticator app”) on your smartphone.
How to set up
To enable this second step, you need to make some changes to the settings of the account in question.
Be aware that the wording often differs: sometimes you’ll need to look for “two-factor authentication” (Facebook and Twitter), other times for “two-step verification” (Google).
What is an authenticator app?
An authenticator is the means used to confirm the identity of a user.
An authenticator app is an application for your smartphone that does just that: it generates random codes that you are required to enter in addition to your user name and password. Once you have installed the app, you need to connect it to your account (Facebook, LinkedIn etc.).
Set up an authenticator
- Download an authenticator app to your smartphone from an official app store.
- Check the personal settings of your account and look for information on how to set up two-factor authentication.
- Enable the second step. Once enabled, you’ll be shown a QR code.
- Open the authenticator app and add a new account.
- Scan the QR code.
- Confirm by entering a code.
The most frequently used authenticator apps:
- Google Authenticator
- Microsoft Authenticator
- LastPass Authenticator
- Sophos Authenticator (Google Play, Apple)
Why take the second step?
Protect your reputation
Criminals can steal your account details and thus your identity. Acting on your behalf, they can send messages to your contacts containing a link to a shady or even fraudulent website. Unbeknown to you, your friends and colleagues at work may receive a message from you inviting them to buy super cheap sunglasses or watch a hot video.
Protect your money and your friends
Data is valuable. Criminals make a lot of money trading it. Among other things, your stolen data is used for the following purposes:
- to steal money from you,
- to take over your identity in order to steal more data and money from your contacts, or
- to use your accounts to do illegal business.
Which are your important accounts?
The most important accounts deserve the best security possible. What could be your most important account? E-banking of course! But with your e-banking account you already use two steps to log in. Here are some tips:
If you forget a password for Facebook or Ricardo, you will receive an email to confirm that it’s really you trying to set a new password. Think about it: anyone with access to your email account could set new passwords and gain access to your other accounts, thus preventing you from logging in.
Facebook, Twitter, Instagram, LinkedIn etc.
Your profile is visible to your friends, co-workers and even the public. Anyone with access to your account can mess with your posts or send messages to your contacts without your knowledge, seriously damaging your reputation in the process.
WordPress, Joomla etc.
If you have a website and are editing the content, anyone with access to your content management system (WordPress, Joomla, Wix etc.) can modify or even delete your website.
Ask yourself: If you lost control over or access to your data or an account of yours,
- could your (or your contacts’) reputation be damaged?
- could you or your contacts lose money?
- would it take a lot of time and effort to restore the data or your account?
- could other accounts be affected?