Secure Your Accounts Using Two-Factor Authentication

People typically have multiple logins for accessing computers, smartphones, and other devices, apps, and online services. The most common login methods include:

  • Username and password
  • PIN
  • Biometric authentication (fingerprint or facial recognition)

A username and password is the most widely used method for accessing devices, apps, and services. However, poor password habits, like choosing simple, common passwords, reusing the same password multiple times, or sharing passwords insecurely, are also fairly common.

Weak passwords, phishing attempts, or other online scams may result in someone hacking your devices or online accounts. Two-factor authentication can help improve your login security.

What is two-factor authentication?

Two-factor authentication – or 2FA – adds an additional layer of security to your logins. In addition to your username and password (something you know), 2FA requires supplemental information from an external source that only you can access (something you have). This extra security credential is known as a time-based one-time password (TOTP).

Some options for obtaining a 2FA one-time-use password include:

  • A 2FA password or “code” sent via text or email by an online service
  • Authenticator apps or devices that generate a 2FA code
  • Password manager apps with a 2FA code generator included

Two-factor authentication is one form of multifactor authentication. Multifactor authentication (MFA) uses something you know (username and password), something you have (a hardware- or software-generated key or code), or something you are (a fingerprint or your face) to augment account security.

Let’s examine how 2FA works.

How does 2FA work?

Two-factor authentication requires you to provide a four- to eight-character code, in addition to your username and password, when signing in to a device or online service. Some products and services supply their own 2FA framework and will send a code to the email address or phone number in your user profile. Once you receive a code, you can enter it on the app or website to finish logging in.

Other products and services require you to supply a code created by an external authenticator app. Google and Microsoft have authenticator apps you can download and use for free. Several password manager apps have a 2FA feature built in.

There are several steps required to set up and use an authenticator app:

  1. Install the authenticator app on your mobile device.
  2. Log in to the website or online service you’re using and enable 2FA for your account. This step typically requires you to register your mobile device with the online service.
  3. The online service generates a secret key and displays both the key text and a QR code.
  4. Open the authenticator app on your mobile device.
  5. Create a new entry for the online account.
  6. Enter the key text OR scan the QR code.
  7. After entering or scanning your secret key, the authenticator app generates a unique 2FA code for the online service. 
  8. Enter the code when prompted by the online service.

Other Multifactor Authentication Options

In addition to site-based 2FA and authenticator apps, you can also use:

  • Hardware-based authentication.
  • Biometric authentication.

YubiKey is a hardware-based solution (something you have) that generates and stores authentication codes. YubiKey comes in two forms: a dedicated model that plugs into your computer’s USB port (USB-A only) and a more portable model that attaches to your keychain and plugs into your computer’s USB port (supports both USB-A and USB-C). The YubiKey keychain model works wirelessly with your smartphone, too, using NFC (similar to AirDrop), allowing you to use your YubiKey to log in to websites and mobile apps.

Biometric authentication uses something you are, such as your fingerprint or your face. Some apps use your mobile device’s fingerprint reader or facial recognition to log in to your account, bypassing your username and password. However, it’s worth noting that you will need to log in with your username and password first and then enable biometric authentication for future use.

Need help setting up 2FA? Prime of Life Tech can help you set up and use two-factor authentication for your apps and online accounts. Contact us or schedule an appointment for assistance.

Copyright © 2020 Prime of Life Tech