Two factor authentication (aka multi factor authentication, login approvals, login verification or two step verification) is a way to prove your identity to a service provider by providing two different authentication methods. Enabling two factor authentication (2FA) is one of the most effective ways of preventing your accounts from being hijacked or stolen. 2FA is not only effective but it’s typically provided at no cost. In fact, you are likely already leveraging two factor authentication without even realizing it.
There are three common ways to prove your identity:
- Something you have – typically a mobile phone or keyfob
- Something you know – usually a password or PIN
- Something you are – frequently is a fingerprint
One of the most typical forms of two factor authentication is the requirement to use a PIN code when using your debit card to make a transaction at an ATM. You’re providing something you have (debit card) as well as a PIN (something you know) to prove to the bank that you are who you claim to be. The addition of a PIN adds a significant amount of security to your debit card transactions. This same concept is often applied to logging into websites.
Most websites only require that you to provide a password to authenticate yourself. You’re simply sharing something that you know to demonstrate that you are who you actually say you are. Ideally, your password is a complete secret to anyone but yourself. Unfortunately, this isn’t always the case.
You will have a password stolen. It’s not a matter of if or when but how often it will occur. Passwords are commonly stolen in phishing attacks, corporate data breaches and through eavesdropping. By adding a second layer of authentication, an attacker can no longer login to your accounts with just your password.
Typically a website will allow you to use your mobile phone (something you have) as a second form of authentication. When you provide your username and password (something you know) to the website, the site will send you a text message with a temporary code. You’ll then provide this code to the website as a second form of authentication. While this method isn’t perfect, it will go a long way to helping secure your accounts and identity.
In my opinion, the biggest drawback to leveraging 2FA is the slight inconvenience. However, the inconvenience is a small price to pay for the significant increase in security. A majority of the websites you use on a daily basis offer this additional security measure. For a list of websites that support 2FA and instructions for enabling this feature, please visit www.turnon2fa.com.