What is Two-Factor Authentication (2FA)?
Bad news first. If a site you use only requires a password to get in and doesn’t offer 2FA, there’s a good chance that it will eventually be hacked. Fortunately, we have a solution for this.
2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access, they will be required to provide another piece of information. This second factor could come from one of the following categories:
- Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern.
- Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token.
- Something you are: This category is a little more advanced, and might include the biometric pattern of a fingerprint, an iris scan, or a voice print.

With 2FA, a potential compromise of just one of these factors won’t unlock the account. So, even if your password is stolen or your phone is lost, it is highly unlikely that someone else also has your second-factor information.
The most popular form of two-factor authentication uses a software-generated, time-based one-time passcode (sometimes called a soft token).
First, a user must download and install a free 2FA app on their smartphone or desktop. They can then use the app with any site that supports this type of authentication. At sign-in, the user first enters a username and password, and then, when prompted, they enter the code shown in the app. The soft token is typically valid for less than a minute. And because the code is generated and displayed on the same device, soft tokens remove the chance of a hacker intercepting the code while it is being delivered. That’s a big concern with the SMS or voice delivery methods.
For a low-risk online activity, authentication by text or voice may be all you need. But for websites that store your personal information, like utility companies, banks, or email accounts, this level of 2FA may not be secure enough. If you use the SMS or voice delivery method, please consider changing it very soon!