Two-Factor Authentication explained

You may have occasionally run across the term ‘2FA’ or, to give it its full name, ‘two-factor authentication’.

Some of your favourite apps might be offering this as an option in the settings. Most social networks have it too. If you have seen it, but don’t know what it is or why you should use it – that is what I am going to explain today.

The fact is that 2FA has become popular in recent years, and it is a common method of increasing security these days.

Even so, it is possible that you were not aware of it and you wouldn’t be alone.

But, if you are reading this now – that will soon end. By the bottom of this article, you’ll know precisely what 2FA is and be a more secure internet user as a result of it.

2 Factor Authentication – What is it?

As mentioned, 2FA is a security system that came as a result of an increase in cyberattacks.

It has been around for a long while now, and it represents an extra layer in the security of your accounts.

It works by adding an extra barrier to accessing your accounts. That can be in the form of a randomly generated pin via an app, an SMS message or a hardware key often called a ‘security token’ or a ‘hardware token’, but I’ll cover more on the different types later.

So rather than simply entering your usernames and passwords you need a further code or key to access your accounts.

It is now considered necessary, as well as one of the best ways of protecting your accounts. However, not enough regular internet users outside the tech world are making use of it.

By using 2FA you reduce your chances of becoming a victim of a random account attack. However, it remains questionable whether or not it would be enough to protect you if someone personally targets you.

2FA, for example, might come as a text message, with a code being sent to your mobile phone via SMS. However, those who are targeting you personally might be intercepting your texts, in which case this method might not work, but again we’ll explore more on the limitations later in the article.

Why do I need 2FA?

You may think 2FA isn’t all that necessary but as the following statistics show, that couldn’t be further from the truth.

According to a Gallup study, it appears that Americans have become increasingly aware of the dangers of cyberspace.

71% of Americans are worried about their financial or personal data being stolen in a hack. At the same time, 67% of Americans worry about becoming a victim of identity theft.

Meanwhile, only 24% are worried about being affected by terrorism, and less than 20% about being sexually assaulted or murdered.

Not to mention that over 1.76 billion records leaked in January of this year alone, and the number of hackers, hacking attacks, and the cost of dealing with them are growing every year.

Finally, 91% of cyber attacks are a result of phishing emails, while at the same time – 92% of malware is delivered via email.

Improved security is sorely needed, which is why you should be considering 2FA.

What types of 2FA are there?

As mentioned, the development of 2FA has led to the invention of several different methods of confirming your identity, the most common including:

1) App

One of the best examples is Google Authenticator, which is an app that you can configure in a way that will prove your identity when used. It is a handy way to gain access to your accounts without having to rely on codes and messages, emails and passwords, and the like.

You would, of course, need your phone or tablet handy when logging into accounts.

2) Physical Key

Alternatively, you could carry a Physical Key with you, such as the YubiKey. This can also be used for confirming your identity when needed by connecting it to the computer or, with newer versions, to your phone.

3) SMS Message

SMS message 2FA is likely the most common method of protecting your accounts. It is effortless, and when you try to log into your account, you are prevented until you enter a code that is sent to your phone via a text. This method is often used by banks, social networks, and many others.

While common, this method is increasingly being advised against due to the growing ability to intercept it.

What websites use 2FA?

2FA is becoming a standard form of protection, and many different websites and services are using it. Google uses it, and so do online banks, file storage services, game shops such as Uplay, and others.

Facebook has been offering it for years now, as well as other social networks. Payment services like PayPal also have it, and many others.

However, keep in mind that, while many offer it, not all sites and services have it yet. You cannot use 2FA on just any website; the site must offer it as an option.

You can check whether a website or a service you are interested in has 2FA by using the site twofactorauth.org. There are others not mentioned in this list, but this is pretty extensive for the significant services and sites that support 2FA.

Is 2FA vulnerable to hackers?

We already mentioned that 2FA could be bypassed in some instances. As with everything, nothing is infallible or “unhackable”.

For example, texts can be intercepted these days by anyone with a computer and some hacking knowledge. If you are a CEO of a major corporation, using SMS-based 2FA might not be the best course of action.

Twitter CEO, Jack Dorsey, knows this all too well in recent days since his own Twitter account was hacked. While this was a consequence of a SIM swap attack, it is one of the limitations with a text-based two step verification.

Famous former hacker Kevin Mitnick even showed his method of bypassing 2FA with a tool that can be weaponised and used for accessing almost any site.

For regular people, however, even text-based 2FA is better than not using anything.

If you are attacked as part of a more significant effort, and the hackers are not focusing on you specifically, 2FA should be good enough.

Other ways to stay secure online

Enabling 2FA is a significant first step to increasing your data security, but there are other measures you can take including:

Summary

2FA came to be as another security layer that is supposed to confirm your identity when accessing your accounts.

However, over the years, criminals have found methods of bypassing some of them. Like all security systems, it’s an ever-changing cat and mouse game.

While some 2FA systems are susceptible, it is much safer to secure your accounts with it than not.

Think of it like two identical houses, one with an alarm and one without. Which house would a burglar target?

Whatever method of 2FA you choose, be it an app for your mobile devices, a physical key fob or message-based, enabling it will keep your accounts that extra bit more secure, leaving the bad guys to go for the weaker, low-hanging fruit.

Illustrations © Yuliana92 & Ekinyalgin | Dreamstime.com

Author: Ali Raza

Ali is a journalist with a keen interest in VPN usage. He is an expert in the field and has been covering VPN related topics for VPNCompare and numerous well-respected publications for many years.
