Two-factor authentication has become an important way to prevent identity theft through a variety of means, including brute force attacks, phishing scams, SQL injection, and data breaches. While not all sites support the standard, it’s important to enable it for those sites that do.
What is 2-factor authentication (2FA)?
Nowadays, it’s no longer safe to trust just a username and password to keep your important accounts safe on the internet. Hundreds of sites are breached each year, exposing millions of accounts online. You can check if any accounts tied to your email address have been exposed in big corporate hacks like Dropbox, Adobe, or LinkedIn.
If you are exposed and you’ve re-used any of your passwords, that’s why you need 2FA. 2FA makes it harder for malicious users to gain access to your account by adding a second layer of defense. Some methods of 2FA even add a third layer of defense based on the following principle.
- Something That You Know
- Something That You Have
- Something That You Are
Your username and password serve as the something that you know, while 2FA provides the rest. Something that you have can be your smartphone, smartwatch, or another trusted device. Something that you are involves detecting your fingerprints, retina scans, or voice recognition.
Standard 2FA asks for something that you know (username + password) and something that you have (code generated on smartphone).
Why should I enable 2FA?
Enabling 2FA is important to give you an extra layer of control over your accounts, just in case your data is compromised through no fault of your own. It gives you the immediate acknowledgment that someone somewhere is attempting to sign in to one of your accounts and gives you time to change the password before you lose access to the account.
2FA can’t protect against man in the middle attacks if your browser is compromised and phishing and social engineering always remain problems. If a hacker has enough of your identity, they can attempt to call the phone company and impersonate you in order to activate a new SIM card to intercept SMS tokens that are sent to you.
Which 2FA app should I use?
There are several 2FA apps available on Android, depending on your needs. Google Authenticator is available for free and requires no external account outside of your Google account. The only downside is it is not backed up to the cloud in any way, so if you lose control of your device you’ll need the backup codes you setup when you enabled 2FA on your Google account.
Authy and LastPass both offer cloud synchronization of your 2FA keys, though all the risks that come with posting these to a third-party service are there. Both Authy and LastPass use encryption to store the keys and can allow multiple devices to generate codes for your accounts.
Want to know more about 2FA and how to turn it on for your accounts that support it? Check out Turn On 2FA, a website dedicated to helping people turn on two-factor authentication on all sites and services that support it.