What is two factor authentication and why should you use it?
What is two-factor authentication?
Breaking it down to the most simple explanation, it’s basically adding a second layer of protection to your account, app or system to go alongside your regular method of logging in. In most instances, this involves receiving a code by SMS to your mobile number, but increasingly apps and services are sending a confirmation number to your device as a notification instead. Sometimes you can just tap the notification to approve the login. More commonly though, emails are sent containing the 6 digit code which you then use alongside your normal username/email and password.
How does two-factor authentication make your account more secure?
The idea is that you’re adding a confirmatory step to your sign in attempt. Using the SMS example, it means no one can log into the account in question from a new device, even if they have your password. When using two-factor authentication via email, again it requires access to the email account associated with the platform you’re attempting to log in to.
When someone tries to log into your account from a new device, or even new browser, with your password, when they hit “enter” or “submit”, it’ll take them to a new screen asking for a code. This code has been sent to the registered mobile number as an SMS, a notifications via an app or to your email account.
Some apps that use notifications also send you a code. But increasingly, apps are just sending a notification to your key devices so you can just confirm it was you signing in (in ther words, there’s no code)
Does two-step authentication always need a mobile number?
As an example, WhatsApp can’t use your mobile number as its second verification method, because that’s the primary method for logging in. So instead, it asks you for a six-digit PIN number every so often, or when you log in from a new smartphone.
While Apple does use SMS verification for iCloud account security, it also uses its “Trusted Devices” method. Using this method, it sends a four-digit code directly to a trusted and verified device, which then pops up in a little window on the screen once you unlock your iPhone or iPad.
Where SMS isn’t used there’s often the option of getting a two-factor authentication code from a dedicated app like Google Authenticator. These sorts of apps simply offer access to a time-sensitive code that changes after a given period of time and so is constantly secure but gives you quick and easy access to your account.
What if I’ve lost my phone?
Most services – as mentioned – offer more than just the phone number SMS method for logging in. Nearly all of them will offer you the ability to generate backup codes or, like Apple, give you a recovery key that’s a really long chain of letters and numbers which you can input instead of using your password and SMS code.
Be sure to set up a recovery key, and store it somewhere safe like in a password-protected document and/or secure password app.
Is it worth it?
Yes. Absolutely. Once it’s set up it only adds one extra step to logging into your account from a new device or browser.
It’s always worth doing and failing to do so can often lead you open to privacy nightmares. An revealed just how dangerous this can be. There have been several reports of incidents where owners of smart home cameras have had their devices hacked and been spied upon by criminals simply because they failed to use a secure password and activate two-factor authentication.
On the off-chance that someone has got your password, and tries to get into your account, you’ll have the peace of mind knowing that they can’t get in without also having your phone (or access to your email account) which – even if they have – is likely locked and protected behind a password, pattern or fingerprint scan.
To add further privacy, there are settings within Android and iOS to ensure that you can stop SMS notifications from showing up on a lock screen. Just head to Settings > Notifications and select which apps you want to have display information on the lock screen, or choose to hide sensitive information (on Android).
More information can be found on PocketLint