A guide to two-factor authentication

Posted August 21st, 2020 by SimpliSafe

Passwords have been around for as long as the internet has existed. But thanks to sophisticated cyber attacks, a single password alone no longer cuts it. It isn’t difficult to create a strong password, but there is something else you can do to protect your information, and that is to activate two-factor authentication.

So, what is two-factor authentication?

Two-factor authentication, also known as 2FA, is an additional layer of security for your online accounts and apps. As well as requiring the username/email and password that you used to set up the account, two-factor authentication requires you to give a second identity confirmation to check that it really is you. There are multiple ways to do this.

How does two-factor authentication work?

After you log in to an app or online account using your standard email and password, you will then be asked to confirm your identity a second way. There are several ways this could be done:

Biometric data - This could be your fingerprint or facial recognition if your phone allows

An answer - Something like a unique PIN, a second password or the answer to a security question selected by you

Something you have - This could be a credit card, token, phone or SIM card

While some of these methods are more secure than others, and each one has its own benefits, two-factor authentication essentially means that even if your password is compromised (check out our guide on how to create a strong password) then the hacker still shouldn’t be able to access your account.

Why should I use two-factor authentication?

As technology and software develop, the standard single password just isn’t enough to keep your information protected anymore. With security breaches continuing to take place, adding two-factor authentication gives your sensitive data another layer of protection.

Here are a few benefits of using it with everything from your apps and online banking to your wireless home security system:

Better security - Of course, this one is a given with everything we have discussed. Even if your password has been leaked or compromised, the hackers still won’t be able to get into your account unless they know the second piece of information

Cheap - Many websites and apps - such as Google, Facebook and Amazon - will offer this extra layer for free. Some sites may charge a small fee, however

Easy - Where it is available, two-factor authentication is incredibly easy to set up. For the majority of apps and accounts you will just need to go into settings and turn it on

Why companies need to use two-factor authentication

When companies are lax on their security, it leaves their customers vulnerable to attacks. When people sign up to use an app or a website, they are entrusting their data to the company. If an attack happens and data is compromised, the company is then liable. For some industries, two-factor authentication is now required by compliance regulations in order to keep information private and secure from outside attacks.

As an example of two-factor authentication’s effectiveness, let’s take a look at Google. Since early 2017, Google has required all of its 85,000+ employees to use a physical security key as opposed to a password and a one-time code. And since then, none of its employees have been subjected to a phishing attack.

In addition to the extra security and complying with industry regulations, it can also help improve flexibility and productivity. As we move towards more remote and flexible working, two-factor authentication provides a secure way of accessing company data without compromising the safety of the network it is located on.

Is it secure?

There is little doubt about the benefits that two-factor authentication brings to the security of your apps and online accounts. However, just like all security measures, it can still be vulnerable to outside attacks. Hackers can be persistent, and if they have the right knowledge and experience, then they can still get around certain measures, for example, security questions.

How do they do this? Well, it requires incredibly sophisticated technology and social engineering techniques, but text messages or emails - which provide verification PINs - can be intercepted and other accounts can be hacked into. There are even reports of people being impersonated on password reset phone calls.

However, these are rare, and if you use biometric data as your second verification step then it is even more unlikely that you will be targeted.

On the whole, two-factor authentication is incredibly safe - much more so than a single password - and it acts as a strong deterrent to would-be attackers eyeing up your accounts.