2 step verification, multi-factor authentication, or 2-factor authentication are ways to describe the security model of using a step beyond your password to authenticate yourself. Because so much of our personal and work lives are online, we need to do anything we can to provide an extra level of protection to those accounts.
The Simple Password
Creating a strong password used to be enough to feel like your online accounts were safe from prying eyes. Make it at least 8 characters and add in some numbers and a special character and you are good to go. Unfortunately, crooks have devised easy ways to steal those passwords with malware and through other nefarious ways. Bad guys will steal your passwords when they are sent in plain text over public WiFi networks. They’ll steal your banking password when you’re the victim of a phishing attack using a fake web site. They can even crack your password by running a dictionary attack. This is where they throw every word in the dictionary at it until something sticks.
Protecting Yourself
To protect yourself from being a victim of any of these attacks, take your security to the next level with 2 step verification. Even if the bad guys figure out what your password is, they don’t have access to your phone where you get your 2 step verification code.
How does 2 step verification work? The web site where you have 2 step verification configured will still have a place to enter your username and password. After you enter them successfully, you will get prompted for a code. The site will determine how long the code is. Some sites it is 6, while others just use a 4 digit code. The method of delivering that code can vary too. The majority of sites deliver the code via a text message. Others will deliver the code via email. After you get the code, you enter it on the site and then get access to your account. With 2 step verification enabled, you no longer just need that much-valued password to get into your online account.
A More Secure 2 Step Verification
While the most common method of delivering that 2 step verification code is the text message, it is not the most secure. Using an authenticator app on your phone is a better way to secure your account. If the website allows it, and not all do, you should use an authentication app like Google Authenticator or Authy. My preference is Google Authenticator. Instead of being sent a text message that could get intercepted, you go to the authentication app on your phone and type in the number that is displayed. You can have multiple accounts set up in one Google Authenticator app.
Hackers will not stop trying to get access to our critical data. At the very least we need to have 2 step authentication enabled on our accounts to have a fighting chance against these criminals.
See also How to Identify and Protect Yourself from Phishing Emails
Implemented
Fantastic