Monday, October 2, 2017

Two Factor Authentication (2FA)

 
Two Factor Authentication, or 2FA, adds an additional verification step, and thus additional security, when logging into your on-line accounts. This additional step helps protect your account in case your password is compromised. According to the Electronic Frontier Foundation (EFF), "Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts."
 
Two Factor Authentication works like this: first, you go to your account’s login page and enter your user name and password as normal. After the site validates that your user name and password are correct, you are sent a single-use authentication key to complete your login. This authentication key may be sent as an SMS/Text Message, or you may obtain it from an App such as Google Authenticator or Authy App. With some web-sites, such as PayPal and eBay, you can also purchase a physical token which will generate the authentication key when you push a button on the device.
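The two-step login described above, as an added example that is not part of the original post: Google Authenticator and compatible apps compute the single-use key with the TOTP algorithm (RFC 6238), and the site recomputes it from a shared secret. The `Account` class, its field names and the sample key are assumptions for illustration, and the sketch goes slightly beyond the text by tolerating one step of clock drift and refusing a code that was already accepted.

```python
import hashlib
import hmac
import struct

def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, unix_time, step=30):
    """RFC 6238: HOTP where the counter is the current 30-second time step."""
    return hotp(key, int(unix_time) // step)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    """Hypothetical server-side record for one user."""

    def __init__(self, password, salt, totp_key):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.totp_key = totp_key   # secret shared with the app at enrolment
        self.last_step = -1        # newest time step already accepted

    def login(self, password, code, now, step=30, window=1):
        # Factor 1: something you know.
        supplied = hash_password(password, self.salt)
        if not hmac.compare_digest(supplied, self.pw_hash):
            return False
        # Factor 2: something you have. Accept +/- `window` steps of drift.
        current = int(now) // step
        for candidate in range(current - window, current + window + 1):
            if candidate <= self.last_step:
                continue           # already used: keeps the key single use
            expected = hotp(self.totp_key, candidate)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_step = candidate
                return True
        return False

# Constructed sample secret (the ASCII test key published in RFC 6238).
DEMO_KEY = b"12345678901234567890"
```

A stolen password alone fails at the second check, and a code observed in transit cannot be replayed once the server has accepted it.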
 
 
With Two Factor Authentication turned on in your accounts, a person must both know your login and password, and have possession of your smartphone to receive the verification code.
Just a few places where you can use Two Factor Authentication include: Amazon, Apple, Dropbox, eBay, Evernote, Facebook, GoDaddy, Google, Hushmail, Instagram, LastPass, LinkedIn, Microsoft, PayPal, Pinterest, Protonmail, Slack, Snapchat, Telegram, Tumblr, Twitter, VK, WhatsApp, WordPress, and Yahoo Mail. There are many other places that you can use Two Factor Authentication, and I recommend that you check with all of your on-line banking, shopping, and utility accounts to find out if they offer this service to their customers. Whenever Two Factor Authentication is available, you should use it.
 
You may read articles that claim Two Factor Authentication can be defeated. Yes, this is true. All security can be defeated given enough skill, time, and money; but it’s far easier to compromise an account protected by just a password than it is to compromise an account protected by a password and Two Factor Authentication. Adding Two Factor Authentication to your accounts doesn’t make them un-hackable, but it does make them much harder to hack. When you make your accounts harder to hack, you defeat that subset of adversaries that lack the skill to overcome the increased security provided by Two Factor Authentication.
 
 
The best Two Factor Authentication is provided by hardware tokens. Examples include the FIDO U2F Security Key (https://goo.gl/uGXLcQ) and the YubiKey4 (https://goo.gl/1jxKvQ).  The next best option is using an App such as Google Authenticator or Authy App. Finally, there is Two Factor Authentication sent by SMS/Text Message, which still provides good security but is, at least in theory, easier to defeat than the other two methods.  
 
So, yes, I personally use Two Factor Authentication on all of my accounts where it is available; and I recommend it to anyone who wants to add another layer of security to their own accounts on-line.
 

 
 



