Interested in preventing your online accounts from being breached? When signing in to a high-value service, enable two-factor authentication. In this post I cover how to set up two-factor authentication and which accounts to focus on first.
One data breach might turn your online existence upside down. Unfortunately, passwords are a fatally insecure method of protecting valuable resources.
A longer, more complex, harder-to-guess password doesn't automatically make you more secure online. You can construct an extremely hard-to-type password, but it won't do you any good if the service where you use it stores it insecurely and then has its server compromised. That is a common occurrence.
However, even if you have appropriate security measures in place (complexity, changing them periodically, and not reusing them), people are still the weakest link. Even knowledgeable people can be duped into entering their credentials on a phishing site or divulging them over the phone through social engineering.
Two-factor authentication (usually shortened to 2FA) is the answer. (Some services call it multi-factor authentication or two-step verification, but 2FA is the most widely used term, so I'm going to stick with it.)
A Microsoft analysis from 2019 found that 2FA is effective in blocking 99.9 percent of automated attacks. Microsoft recommends multi-factor authentication, even if it's only SMS-based one-time passwords, whenever the service provider offers it. Google's own 2019 research came to similar conclusions.
Many people have asked me what two-factor authentication actually does.
It changes the sign-in requirements so that when you access a secure service for the first time on an unknown device, you must provide at least two proofs of identity. In most cases, once you've successfully completed that challenge you can mark the device as trusted, which means 2FA prompts should be rare on the devices you use often.
Those proofs must come from a combination of at least two of the following:
- "something you know," such as a password or PIN;
- "something you are," such as a fingerprint or other biometric ID;
- "something you have," such as a trusted smartphone that can generate or receive confirmation codes, or a hardware security key.
The most common combination in use today is the first (your password) and the third (your smartphone). Because almost everyone carries one, smartphones make excellent security devices.
Your smartphone assists with authentication by generating a unique code that you enter along with your password to sign in. You have two options for obtaining that code: it can be sent to you by the service, or generated by an app installed on your phone.
When I went to sign in to my Gmail account from a browser I had never used before, this is what I saw.
Two-factor authentication (also known as 2FA) requires second evidence of identity, such as a code from an authenticator app.
If someone had stolen my Google account credentials, they would be stopped in their tracks: they can't continue the sign-in process without the code.
Many (but not all) services that support two-factor authentication offer a variety of authentication methods. For example, you can sign in to a Google or Microsoft account by approving a notification on a trusted device, and hardware security keys are becoming more widely accepted.
And most providers include the option to print out backup recovery codes, which you can save in a safe place and use in case your usual secondary authentication method is unavailable. You need these codes if your smartphone is lost, stolen, or damaged.
Most importantly, choose the form of identification that you are most comfortable with. You should have two options, at the very least, to avoid being locked out of your account.
When possible, I prefer using an authenticator app rather than receiving codes by text message, and you should too, for two solid reasons. The first is a simple logistical issue: if your cellular signal is weak or non-existent, or if you're using a different SIM while abroad, you may be able to reach the internet (over a wired or Wi-Fi connection) but not receive text messages. The second is "SIM-jacking," where an attacker uses social engineering to get past your cell carrier's defenses and obtain a SIM card with your phone number, after which the codes go to the attacker instead of you.
Google Authenticator, available for Android and iOS, is the most popular 2FA app. Because the technique for generating the codes is built on open standards, anyone can write an authenticator app that does the same job, and a number of alternatives are available. When I sign in to my accounts, I use Microsoft Authenticator, which can also receive push notifications for personal and business accounts on Microsoft's platforms. I also use 1Password, which builds two-factor authentication support into the same app that manages passwords, making sign-in even easier. A third-party tool, Authy, lets you handle authenticator codes on several devices, with the option to back up and restore account settings, and is practically a must. You can find advice on choosing the right two-factor authenticator app here.
A data connection is only required during the initial configuration of your authenticator app, when you set up an account. Your device handles the rest. The process is governed by a widely adopted standard, the Time-based One-Time Password (TOTP) mechanism. In this approach, the authenticator app acts as a specialized calculator that produces codes from two inputs: the current time on your smartphone and a secret shared with the service during setup. The online service computes the code from the same secret and timestamp and compares it with what you entered. Because both sides count seconds from the same universal clock, time zones don't matter, and the service tolerates small inaccuracies in your device's clock.
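To make the TOTP description concrete, here is an added example (not code from any authenticator app or service mentioned above) that implements the RFC 6238 calculation for both sides of the exchange: the phone's code generator and the service's check, including the one-step tolerance for a slightly wrong phone clock. The shared secret is a constructed demo value, the ASCII string from the RFC 6238 test vectors, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret (the RFC 6238 test vector secret). A real service
# shows its secret as a base32 string inside the enrolment QR code.
DEMO_SECRET = b"12345678901234567890"
DEMO_SECRET_B32 = base64.b32encode(DEMO_SECRET).decode()


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Phone side: HMAC-SHA1 over the 30-second counter, then dynamic truncation."""
    counter = unix_time // step                      # which 30-second slot we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # low nibble of last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros


def verify(secret: bytes, submitted: str, server_time: int, window: int = 1) -> bool:
    """Service side: recompute from the same secret and accept the current slot
    or one slot either side, so a phone clock a few seconds off still works."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * 30)
        if hmac.compare_digest(candidate, submitted):  # constant-time compare
            return True
    return False


def secret_from_base32(text: str) -> bytes:
    """Decode the base32 secret copied from an enrolment QR code."""
    clean = text.upper().replace(" ", "")
    return base64.b32decode(clean + "=" * (-len(clean) % 8))


if __name__ == "__main__":
    now = int(time.time())
    code = totp(secret_from_base32(DEMO_SECRET_B32), now)
    print("phone shows:", code, "| service accepts:", verify(DEMO_SECRET, code, now))
```

The three fixed timestamps in the RFC 6238 test vectors (59, 1111111109, 1234567890) are a handy way to confirm an implementation like this one against any real authenticator app.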