What is two factor authentication and why should you be using it?
If you are an avid user of social networks, then you might have seen the option to enable two-factor authentication for your account. If you are bewildered by its purpose and benefits, then you are not alone in the world. In this article, we will take a look at whether or not enabling this option will be of any benefit to you.
Before looking at how it works and why it is important, or not important, to enable it, let’s take a look at what it is first.
What is two-factor authentication?
Two-factor authentication, or commonly referred to as 2FA, is not a new concept. It works on a simple rule; to gain access to something important and confidential, you must have access to at least two of following three things:
- Something you know, such as a password, PIN, pattern etc.
- Something you have, like an ATM card, phone or a key.
- Something you are, like a fingerprint, signature etc.
Most secure services work on this model. You may be familiar with the process of withdrawing money from a bank. A bank requires at least two things from you when you wish to withdraw money from your account:
- When using a cheque, it requires something you know (account details) and something you are (signature or other verification).
- When using an ATM, it requires something you have (ATM card) and something you know (ATM PIN).
How does it factor into online services?
Online services providers like Facebook, Google etc. have access to some of your most valuable and private information. But when you think about it, logging into your Facebook account requires only one aspect of the three things mentioned above: something you know. If someone knows your password and email ID, there is nothing which stops them from gaining access to your private information. The concept of a multi-factor authentication is not being used here.
How will 2FA help secure my account?
Before answering this question, it is necessary to clarify that nothing will absolutely secure your account. As it is commonly said, “If there is a lock, there is a way to open it.” So no matter how much you secure your account, some frivolous hacker may be able to get access to it.
Leaving that aside, using 2FA can help make it a little bit more difficult for the said hacker to lay his or her dirty hands on your dark and deep secrets.
Most 2FA methods these days work by using your phone as a measure of “something you have” so that you have to provide two things while logging into an account:
- Your password and email ID (something you know)
- A pin or authentication prompt generated on your phone (something you have)
What this means is that while logging into a secure account, you will be required to have with your trusted phone with you. This will ascertain the fact that it is indeed the right person logging in, and not some unauthorized person who has access to your login credentials.
What are 2FA apps?
Google, Microsoft, and some other developers have released certain apps to improve this process for users. In its early days, 2FA was possible by either sending a confirmation message to users’ phone number or by calling them with the confirmation codes. New authentication apps sync with your online account through a QR code and display a continuously changing confirmation code. Whenever you want to login into your account, you will have to provide this code as well as the username and password associated with that account.
Following are some of the most popular authentication apps currently in use. With the exception of Facebook and Google’s sing in prompt, these apps work for almost any service which supports 2FA. To set up a new account in those apps, you have to scan the QR code being shown on screen by the web service.
- You can install Authenticator app by Google for both Android and Apple devices.
- Microsoft is also offering a 2FA app which is available for Windows Phone, Android, and Apple devices.
- Facebook app on Android, iOS and Windows Phone can also generate authentication codes when you try to login into your Facebook account from an unrecognized device.
- Google also supports native prompts to confirm login into your Google account if you have an Android phone or an iOS phone with the Google app installed. These prompts are easier to handle as compared to confirmation codes as they streamline the process of two-factor authorization (remember that this method removes the need to enter your password, you only have to enter your username and use your phone to confirm login).
How can I activate 2FA on my account?
Most online services are providing two-factor authentication these days. Twitter was the first one to get on the wagon with their SMS verification code to login into an account. Other services which provide 2FA and the method to activate it is as follows:
- To activate 2FA on Facebook, go to your account settings and then go to the security tab. From here you can activate Code Generator to set up your account to use code through Facebook’s own app or any of the apps mentioned above.
- To activate 2FA in your Google account, go to security settings of your account and click on 2-Step Verification option. An online wizard will guide you through the rest of the process.
- Go to the Security settings page and under Two-step verification, choose Set up two-step verification to turn it on.
- Click on Security and privacy settings in Twitter’s settings page and click the checkbox to Verify login requests.
- Go into your settings on your mobile app, navigate to account settings and click on two-step verification.
For all those services who provide two-factor authentication and whose method is not mentioned here, you can follow similar steps to locate the 2FA options in their account settings.
Two-factor authentication may seem like a hassle when you think about the overhead of checking your phone and adding the verification code within a limited time to gain access to your account. However, given the added level of security to your account, you will ultimately be happy that you used this security method to keep unwanted hands off your personal data.
Image Source: Android Central