When it comes to cybersecurity best practice, Two Factor Authentication is widely viewed as a must-have. Two factor authentication adds an additional step to signing into any application, which many feel is a bit of a headache, but more importantly it helps to safeguard and protect your online identity, which is increasingly becoming central to the way many of us lead our daily lives. In this post I will share 5 things you need to know about two factor authentication.
1. Two Factor Authentication Also Known As…
Two factor authentication is also referred to as:
- Two step verification
2. How the Heck Does TFA Work?
- The traditional way of signing into an application is by using a User-Id and a Password
- As we all know, your User-Id and Password can be relatively easily hacked. Signing in this way is known as:
  - Single factor authentication
  - “Something you know”
- Two factor authentication – This makes use of 2 of the following:
  - Something you know – such as your user-id and password
  - Something you have – for example something that can generate a one time code, such as a phone or a token
  - Something you are – this is all about biometrics, like your fingerprints
Two Factor Authentication is a way of authenticating yourself by combining two of the following: Something You Know (your user-id and password), Something You Have (a card, fob) and Something You Are (your fingerprint).
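To make the combination concrete, here is an added example (not part of the original post) of a sign-in check that requires both "something you know" and "something you have". It assumes the one time code is a time-based code as defined in RFC 6238, which is what most phone authenticator apps generate; the `Account` record, the `login` function and the sample password are hypothetical.

```python
import base64, hashlib, hmac, os, struct
from dataclasses import dataclass

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 one-time code (HMAC-SHA1) for the time step containing `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    # Iteration count is an example value chosen for this sketch.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:                                   # hypothetical server-side record
    salt: bytes
    pw_hash: bytes
    totp_secret: str                             # base32, shared with the phone/token
    last_step: int = -1                          # last time step already accepted

def login(acct, password, code, now, step=30, drift=1):
    """Succeed only when BOTH factors check out."""
    # Factor 1, something you know: constant-time compare of password hashes.
    knows = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    # Factor 2, something you have: code for the current step, +/- drift steps.
    matched = None
    current = int(now) // step
    for s in range(max(0, current - drift), current + drift + 1):
        expected = totp(acct.totp_secret, s * step, step).encode()
        if s > acct.last_step and hmac.compare_digest(expected, code.encode()):
            matched = s
    if knows and matched is not None:
        acct.last_step = matched                 # a used code cannot be replayed
        return True
    return False

# Constructed sample data: the secret is the RFC 6238 test key, not a real one.
SECRET = base64.b32encode(b"12345678901234567890").decode()
SALT = os.urandom(16)
ACCT = Account(SALT, hash_password("correct horse", SALT), SECRET)

if __name__ == "__main__":
    code = totp(SECRET, 59)
    print(login(ACCT, "wrong guess", code, 59))      # False: code alone is not enough
    print(login(ACCT, "correct horse", code, 59))    # True: both factors present
    print(login(ACCT, "correct horse", code, 59))    # False: same code replayed
```

A stolen password fails the second check, and a captured code fails the first and cannot be reused once accepted.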
3. Where should you use TFA?
In short, everywhere, but particularly within applications that are personal and sensitive to you and your company. Assess the risk: if your account in any given website or app was hacked, what would be the impact? Could a hacker use those credentials at another, more critical website or app?
In short, I would recommend using two factor authentication for any:
- Email accounts
- Social media accounts
- Banking applications
- Payments platforms
4. Is Two Factor Authentication Bullet Proof?
No. Unfortunately there are ways and methods of hacking 2FA. There are several high profile cases where phone numbers have been hacked, transferred to another phone, and/or where SMS messages have been intercepted. Check out the following articles for further details:
- How attackers can bypass two-factor authentication by hacking your phone
- Using social engineering to bypass Google's two factor authentication
- Intercepting SMS / Texts used for 2FA
- 2FA is good, but you need to understand the weaknesses and opportunities for hacks
5. Which Websites Support Two Factor Authentication / 2FA?
The best place to find out is the Two Factor Auth website! It's pretty cool: you can search by sector and see which two factor authentication methods are supported – for example SMS, Phone Call, Email, Hardware Token, Software Token.