A report released by Microsoft found that 99.9% of all account compromises could be prevented if the users had enabled multi-factor authentication on the accounts. This shows that simply using multi-factor, or two-factor authentication, is a very effective measure to secure our online accounts and keep out attackers. For most users, understanding, let alone using, two-factor authentication can be challenging. This post will explain what two-factor authentication is and how to use it to secure your online accounts.
Why and how are accounts breached online?
There are a lot of reasons why hackers target online accounts. While many may be for purely financial gain, there are other reasons to protect our accounts that don’t involve money at all. Here are some common targets and reasons:
- Your bank – to steal the money in your accounts
- Amazon, Walmart, other online shopping – to make fraudulent purchases
- Your email account (Gmail, Hotmail, Office365) – if a hacker controls your email account, they can use it to access just about everything else. They can perform password reset requests on your accounts and have that request go to your email. Then they can change the password and gain access to many other accounts.
- Facebook, Instagram – attackers can use your account to advertise their own products, post embarrassing things about you, or send out spam
- Your blog – hackers can deface your blog to attack your reputation, add their own posts, or use your blog to spam others
Most of what we do online now involves some sort of an account. A lot of personal information is held in these accounts. Our accounts are very attractive targets to attackers because of this. What makes their job easier is that users tend to use easily remembered passwords that are easy to break. In addition, these weak passwords are often used over and over again on multiple websites. If one is broken into, then the attacker can break into others.
What is two-factor authentication?
A factor is a way of proving you should have access to an account. A password is an example of this. It’s your password for your account, so you are given access to it. Fingerprints, or other forms of biometrics, are another factor. Sometimes websites will send a text message to your phone with a code that you must enter into the site to gain access. Since it’s your own phone, this shows the account belongs to you. In more basic terms, a key to your car is a way of proving that the car is yours.
Two-factor authentication combines more than one of these so that the failure of one doesn’t give an attacker access to your account. Passwords are easily guessed, stolen, or changed. They don’t give any real security since humans have trouble remembering really strong passwords. Adding a second factor to your accounts makes up for this weakness. Even if the attacker has your password, they wouldn’t be able to get into your account.
The most common ways that two-factor authentication is used are text messages and authentication apps. While receiving a text message is better than nothing, hackers have routinely been able to get around this.
Authentication apps are among the most secure options and the easiest for the everyday user. Google offers its own app, Google Authenticator, but this article will focus on Authy. It is a free app that offers strong security. It is very easy to learn and use.
Authy makes using two-factor authentication easy
Authy is available for both Apple iPhone (and iPad) and Android phones/tablets. There is also a desktop app that can be installed using the Chrome browser. This means that you can use Authy wherever you are. There is no charge to use Authy.
To get started, go to the app store for your device, search for Authy, and install it.
Once it is installed, open the app. You will need to enter your cellphone number so that the app can be set up for you. It will send a text for you to verify.
Once your phone number has been verified, you will need to set a master password. This will encrypt all of the account information in Authy. If you plan to use Authy on more than one device, this is how the information is synced securely.
Make sure that you remember your password. If you lose it, you could lose access to all of your two-factor authentications.
Now it’s time to add your first account.
Instructions for Apple devices:
- Log into the website that you wish to protect with two-factor. Each site will be different, but under your user or profile settings, there should be a security section. There, an option to enable two-factor authentication should be available. Here is the location in Amazon:
- Open Authy on your device. Click the red + sign at the bottom of the screen to Add Account.
- Scan the QR code on the website you are adding to Authy using your device. You can also manually enter the key provided by the website to Authy if you don’t wish to scan the QR code or your camera is unavailable.
- Set the icon for the website so that you can easily recognize it in Authy.
- Click Done
- Now you have added your first account to Authy.
Instructions for Android devices:
- Log into the website that you wish to protect with two-factor. Each site will be different, but under your user or profile settings, there should be a security section. There, an option to enable two-factor authentication should be available. Here is the location in Amazon:
- Open Authy on your device. Click the … icon for the menu at the upper right-hand side of the screen to Add Account.
- Scan the QR code on the website you are adding to Authy using your device. You can also manually enter the key provided by the website to Authy if you don’t wish to scan the QR code or your camera is unavailable.
- Set the icon for the website so that you can easily recognize it in Authy.
- Click Done
- Now you have added your first account to Authy.
Using Authy for Two-Factor Authentication
Once you begin adding your accounts, Authy will look similar to the picture below. There will be an icon for each account and the label.
The number code in the picture above is called a token. It changes every 30 seconds. You can see this with the blue bar at the top of the screen under the account name and email address. That bar will shrink as the 30 seconds count down.
To log into a website that you have enabled two-factor authentication on, click on the icon for that site in Authy. You will see the 6-digit random number, or the token. Enter that number on the website.
Here is an example using Amazon:
Once you enter the code within the 30-second time limit, the site will give you access.
Please keep this in mind. Do not forget the Authy password. If you do, it will be very difficult to get access to Authy. In addition, protect your phone. If it were stolen, then a thief would have everything needed to access your accounts online.
Be sure that your phone is secured with a good password.