It’s becoming more commonplace to see suggestions or requirements for two-factor authentication from various pieces of technology, apps and sites. Often abbreviated as 2FA, two-factor authentication is an increasingly popular security method that requires two points of authentication from the user before granting them access. The reason this is a good idea is straightforward: if one of the user’s authentication methods is compromised or stolen, like a password or PIN, a second layer of authentication is still required. Consequently, it’s much harder for a hacker or thief to gain access to an account that is set up with 2FA.
In the cyber-security realm of technology, forms of authentication normally fall into one of three categories:
1.) Something the user knows
This first category is the most traditional form of authentication. It includes authentication methods such as passwords, PINs, security questions, social security numbers, birth dates, etc.
2.) Something the user possesses
This second category includes things like smartphones, laptops, or other tech-based devices.
3.) Something the user is
This third category contains most forms of biometric authentication, such as retinal scans, fingerprints, or other biological indicators.
The best 2FA protocols will not only require you to provide two forms of authentication, but also require that those forms of authentication come from separate categories. Hence, in recent times when you try to access Yahoo, Gmail or Facebook from a new device, these sites will not only require your username and password, but will also require you to enter a code that they text to your mobile phone. Not only are you providing a password (something that you know), but you are also authenticating using your own cell phone (something that you possess). This way, if a hacker stole your password, chances are they don’t also have your cell phone, and they would have to more than double their efforts to gain access to your cell phone to authenticate, making the reward of their ill-gotten gains not worth the effort.
2FA is also a great method to protect yourself from viruses and bugs. If you set your accounts and devices to require 2FA for access, then just gaining access to your passwords is not good enough. It is pretty much impossible for the author of a virus to write code that will allow it to steal your biometric signs, or physically possess your smartphone. So while they may gain access to a password here or there, if your accounts all require 2FA, then having the password alone is pointless, and theoretically renders the virus worthless.
Consequently, I highly recommend that you set your accounts and devices to require 2FA, especially if they contain information or data that is sensitive or valuable to you. While some might find the added step of a second authentication method to be a minor nuisance, it’s better to take the time and utilize 2FA than it is to be the victim of a successful cyber attack.