Two-Factor Authentication (2FA)

It’s been a while since we’ve tackled a heavy technical topic. Two-factor authentication, a form of security (more important than ever in a post-Snowden world), has been in the news lately (think celebrity iCloud photo leak), so let’s get right to it!

Without 2FA, you enter your username and password, and then you’re done. The password is your single factor of authentication, and it is not the safest route. Why? Because if you use your birthday, pet’s name or street address, someone can easily guess your password, pretend to be you and log into your account, accessing all of your personal information (no bueno). This is the most common way of authenticating a user today, which is why websites encourage STRONG, less-common combinations for your passwords and sometimes even force you to use them, though it can be painful. (While we’re on the topic, check this list of the 25 worst passwords and steer away!)

Now, what if, in addition to asking for your username and password (single factor), a website, app or service asks you an additional question (second factor)? That is exactly the topic of this article: two-factor authentication, or 2FA. We already use this in our daily lives. For example, when you go to an ATM, you swipe the card (factor #1, physical) and enter your PIN (factor #2, knowledge). You’ve also probably experienced 2FA when dealing with your bank. If you try to access your account from a new computer or a different browser, the bank requires you to enter your username and password (factor #1, knowledge) AND will often send a 4-6 digit security code to your cell phone (factor #2, physical), which you then need to enter along with your username and password to authenticate yourself. 2FA, although not bullet-proof, is safer and more secure than one-factor authentication.

Two (2) of the following criteria must be met/validated in 2FA:

  1. Something you know, such as a Personal Identification Number (PIN), password, or a pattern

  2. Something you have, such as an ATM card, phone, or fob

  3. Something you are, such as a biometric like a fingerprint or voice print

You can enable 2FA for yourself! Start with email. Both Gmail and iCloud provide this service and they’re super easy to set up. You can also enable 2FA on Facebook, LastPass (password service) and Dropbox (file sharing). For a complete list, check here.