Why and how to use two-factor authentication?

Two-factor authentication is a double verification of your identity when you log in to a service or a site. But why should you use it?

Almost everyone knows or at least heard about two-step verification (also called Lockdown). It is most commonly used in financial apps that use this authorization method to improve security.

It’s time to learn some important information about two-step verification. Until the passwordless login mechanisms and dynamic blocking are improved, this is the best way to protect our accounts from hacking.

Why should you be afraid of hacking and theft of your personal or financial data? Because a person is imperfect and often uses one password for many accounts. If cybercriminals get your login information on one website, they will definitely try to check all other possible websites and services. What if they get lucky and find the password that works everywhere? Root-Nation tech blog explains how to properly configure and use two-factor authentication in this article.

How does two-factor authentication work?

When you log into your account, you must not only provide the correct password but also enter an additional code generated earlier or sent to your device. This level of security means that even if someone knows the password for your account, they will not be able to enter your profile without entering an additional code.

Two-factor authentication also has additional benefits. In the event of an unauthorized attempt to log into your account, you will receive a notification, and you can immediately change your password so that you can stop worrying about someone stealing personal data in the future. In addition, this method allows you to protect you even in the event of a massive password leak when a service is compromised. Attackers will not be able to bypass two-component verification.

What can I use for 2-step verification?

For two-factor authentication, you can use:

  •         code received by email;
  •         phone call with confirmation;
  •         mobile phone (a code sent via SMS);
  •         smartphone or tablet – apps for generating keys, such as Google Authenticator and Microsoft Authenticator, or other apps for mobile authorization, such as bank clients;
  •         OTP tokens (one-time codes);
  •         A physical security key (U2F security key) connected to the USB port (such as a Yubico or HyperFIDO security key).

Now I have to enter two passwords each time?

No, you don’t have to do this every time. You need to understand that after logging into a computer, you can add it to the list of trusted devices (for example, if it is a home computer). This way, after a successful two-step verification, you will be able to log in, as usual, using your password.

But why do I need this if I do not store or send important data?

You need to be aware of the risks associated with hacking your email account, network drives, Google services or social networks such as Facebook, Instagram, Twitter or others.

Let’s be honest. Have you ever uploaded documents or a screenshot of important correspondence, tax returns, or even a copy of your passport or identity card to cloud services? If the answer is yes, then the data that the web services contain is enough to steal your digital identity and use it for personal gain.

The data you once emailed may still be in your Inbox or Sent Items folder. The thief can even use the data to take out a loan using your passport details. And this is just the tip of the iceberg that can lead to many unpleasant and often costly situations. Hacking email is not a trivial matter and cannot be underestimated.

People who conduct their business using Google, Microsoft or Facebook tools face another problem: losing access to an account and leaking personal data can be tragic for a company. This is much worse in terms of financial consequences than the loss of private personal data.

Losing Steam, Origin, or Epic accounts (which recently started requiring a two-step login to get free games), your ISP’s or mobile carrier’s personal account accounts can also be unpleasant.

How do I enable two-factor authentication?

All you need to do is turn on the two-factor authentication feature in the settings of a particular app, site or web service. The system itself will offer to perform the necessary actions and issue backup codes for accessing the account if necessary. Save them in a safe place, preferably in physical form (print or save to a file on an external drive).

If the service supports two-step verification, there will be options for sending SMS codes to a phone number or using a code generator. Some services also allow two-step verification using a FIDO U2F physical key.

When setting up my account, I entered my phone number, is this two-factor authentication?

Unfortunately no. Thanks to adding a phone number you will be able to recover your account (which someone hacked and changed your password), but this will not help you avoid data leaks.

Is it worth using this identification method, or is it better to switch to the increasingly popular passwordless login?

By passwordless login we mean, for example, logging in using biometrics (Windows Hello or FIDO2-compliant physical keys). FIDO2 physical keys are interesting, but we don’t advise using biometric-only logins without additional security. Biometric data can also be leaked.

By far the simplest, most effective and cheapest method is two-step verification. Even the simplest SMS protection gives you more security than logging in with just one password. Apps like Google Authenticator are more reliable and secure.

Business users might have corporate secrets, and for them it is best to use physical U2F keys. But be prepared for the fact that although they are inexpensive, you will have to carry them with you at all times (usually keys exist in the form of small USB sticks). On the other hand, such security keys will provide more reliable protection than regular passwords.

Will I feel completely safe with 2-step sign-in?

This method will greatly increase your safety, but not all of its options can be considered 100% safe. Two-step login is just one of many digital security challenges, which also includes network traffic encryption and anti-tracking (VPN) protection, media encryption, or simply understanding threats like phishing.

Of course, you should still be vigilant and attentive on the web, use complex passwords, do not download or open unknown files and attachments. Remember, attackers try to make the most of human weaknesses. Using two-factor authentication will help to protect your personal data, trade secrets and money as much as possible.