Let’s review a super-quick bunch of questions and answers to help you get started… Trust me, it’s easy!
So what on earth is Two-Factor Authentication, also known as 2FA?
2FA allows a second layer of security when accessing your online accounts. Even if a hacker knows your password, they still will not be able to access your account without entering a special code that is created approximately every 30 seconds. Only you will have that code!
But what if I store all my passwords in an app? Isn’t that safe enough?
No, it’s not. Just because you are organized and have all your passwords in an app, it doesn’t mean someone can’t “hack” your Facebook or other account. Storing your passwords in an app that is designed to secure them is a great idea, and so is ensuring that all of your passwords are different from each other. A hacker who knows your password to one site, may guess and successfully login as you on another site! Having a creative password is not enough anymore.
So why do I need 2FA?
More and more corporate sites are hacked each day. In 2018, Marriott, the hotel chain had a severe data breach where over 500 million customer accounts were hacked. This means that anyone who knows your username and password could login, and make transactions on your behalf, especially if your banking or credit card information is stored on those sites. So the best course of action is to use 2FA, because even if the hacker knows your password, they still need a 2nd security code to get in. That’s where 2FA comes in to the rescue.
What do I need to get started to secure my online accounts?
- First, you’ll need a free app for your smartphone. That’s the best device to put the apps on. Get either Google Authenticator or Microsoft Authenticator. The latter is my preference, but you can pick either. Both apps are available on the Google Play Store (Android) or the Apple App Store (for iOS).
- Go to an online website you already can access, and look in the security settings of your account to see if they support 2FA. If they support it, then great! Enable it!
- Important: 2FA can be offered in various ways… some sites will send a text message only, and some will support a random code to be generated. You’ll want the random code option. This is because a hacker can spoof your telephone number and ultimately gain access to an SMS text message sent to you. The random code is also idea for when you must be in airplane mode (when you can’t receive a text message), or when cellular service is poor. If a text message is your only option, choose it anyway, as it’s still a 2nd layer of security that is important to have for your account.
- For those who have chosen a random code option, the website will likely ask you to scan a QR code with your Authenticator app. Once you scan the code, you’ll immediately have a 6-digit (or other numerical sequence) showing on your phone. The website will ask you to type in the code that is currently on display on your smartphone to ensure that it is set up correctly. Once you do so, that’s it!
- Now, the next time you login to the site, you just have to open up the Authenticator app and key in the special code after you have entered your username/password. While it sounds like an extra step and an annoyance, it certainly is! But you will also have a better peace of mind with those websites, knowing that a hacker will not be able to access your account.
2FA couldn’t be easier to use, and many companies are now forced to use this option for their customers to ensure that their account data remains secure.
For those who have corporate accounts, or those who manage a large business or use Office 365, you can also approve/use Microsoft Authenticator on your Apple Watch to approve requests instantly. It makes it much easier and faster to login, and it remains secure, so long as the watch is in your possession and unlocked.
Got questions? Need help? Just leave your notes in the comments…