Beginner's Guide to Two-Factor Authentication

Implementing two-factor authentication (2FA) is one of the most effective ways to protect your online accounts and devices. Below, I will go through the basics of 2FA and offer some tips on how to get set up and start using this powerful security mechanism.

According to Microsoft, your account is 99.9% less likely to be compromised if you use any form of multi-factor authentication. So, don't forget to take action and enable 2FA for all your online accounts after you read this article. If you don't protect your accounts, you leave yourself open to all sorts of cyber attacks.

What is two-factor authentication?

2FA is a digital security mechanism which requires people to provide two out of three possible types of identification: something they know, something they have, or something they are. Two-factor authentication is a subset of multi-factor authentication (MFA), which is similar to 2FA, but requires more than two types of authentication methods.

Believe it or not, you may have been using two-factor authentication for quite some time now without knowing about it. Anytime you want to withdraw money from an ATM, for example, you need to provide something you have (a credit card) and something you know (a PIN) to confirm your identity.

There are several types of authentication methods that can be used for 2FA: one-time passwords, biometric security mechanisms (fingerprint readers, etc.), SMS codes, physical tokens, etc. One-time passwords and codes are generated by secure web servers and synchronized with a dedicated application that is installed on the end user's mobile device or computer. Those unique passwords, one-time login links, and SMS codes expire and are renewed quickly, making it virtually impossible for hackers to brute force their way into the system.

Software-based 2FA solutions.

Using an app that's installed on your smartphone is one of the most popular ways to improve the security of your online accounts.

Microsoft Authenticator has been around since 2016; today it works with more than 400 online services, including Facebook, Dropbox, Twitter, and Slack. To use it, install it on your smartphone, and then visit each platform that interests you to set up 2FA by scanning a QR code. Yes, it's as simple as that. Then, whenever you want to access the platform, your phone will notify you that somebody is trying to log in, giving you the option to approve access or deny it.

Google Authenticator was released in 2010, and it supports countless platforms like Dropbox, Facebook, Twitter, Evernote, and Snapchat. Once you have set up 2FA using a QR code, you can log into your online account normally, using the username and password information. However, an additional window will pop up, asking you to input the 6-digit code that's generated by Google Authenticator and changes every 30 seconds.

There are many more two-factor authentication apps, of course, but these two are the most popular.

Hardware-based 2FA solutions.

This two-factor authentication method provides an extra layer of security. The truth is that your smartphone may have been hacked, so cyber criminals may be able to log in and approve access to your accounts using Microsoft Authenticator, see (and use) the 6-digit codes generated by Google Authenticator, and so on. Even SMS messages and one-time login links can be intercepted if the device is compromised. More than this, with software-based methods, you waste some time typing in some sort of PIN anytime you want to access one of your accounts that has been protected using 2FA.

Hardware-based two-factor authentication methods solve these problems by making the process more secure and easier for the user. People use devices like YubiKey, which can be plugged into a free USB or Lightning port and then used to log into a computer, a website, or any other service securely.

Since the additional factor is never transmitted using radio waves, hardware-based 2FA devices offer improved security when compared with their software equivalents. Nevertheless, it has been proven repeatedly that even an app-based two-factor authentication mechanism provides much better security in comparison with the standard username/password authentication method.