Hacking Explainers: Two-Factor Authentication
13 Apr 2020
You might have come across the phrase “two factor authentication”, but what does this actually mean? What are two factor authentication apps?
Having strong, unique passwords and a secure password manager is a great first step towards keeping your online details secure, but in 2022 you should definitely be adding an extra layer of protection such as two-factor authentication (commonly known as 2FA) to all your accounts. And for all things multi-factor authentication and account security, we've got the expert info.
Motherboard's Lorenzo Franceschi-Bicchierai explains what two-factor authentication is, points out some good authentication apps, and shares how you can use 2 factor authentication to protect your personal details.
more juice on two-factor authentication
Most services these days offer two-factor authentication, so it doesn’t hurt turning it on in as many places as you can, but you should especially do so with important personal accounts such as your email, social media platforms, as well as banking and financial services.
By enabling two-factor, you'll need to provide something more than just a password when you log in to these accounts. Traditionally, this has been a numerical code or security key sent to your mobile phone via text message. Increasingly however, the “second factor” is an authentication code created by an app that you'll need to input in order to log in to any accounts that have 2FA enabled.
Authentication apps have quickly become the most popular way to enable two-factor across your accounts and thankfully they're easy to use with straightforward setup processes once they've been installed. They’ll even send a push notification when you need to approve authentication requests, making it easy to access or deny access.
Some of the most popular 2FA apps include the Google Authenticator app, Microsoft Authenticator and Authy. Third-party authenticator apps help by communicating between your online accounts and prevent hackers from gaining unauthorised access to important information. Only the user can gain access.
How two factor authentication apps work
2 factor authentication works by sending verification codes to your mobile device. They then require user authentication (that’s you) confirming some details. There are several authentication methods a third party authenticator app can use. Often you’ll need to confirm the number displayed in your two factor authentication apps matches the number on another screen. The first time you sign into a new device, you might need to use both password and a 2FA authenticator.
This multi factor authentication is a bit like if you needed to use both a physical security key and biometric authentication like a thumb print scan to access a building. It’s just that now, the authentication app and your user passwords are the two factors.
Besides offering better security than text message-based two factor, using these apps has an added advantage because they work offline and don’t require an internet connection. This means they will work even if your mobile phone doesn't have coverage at the time you're trying to log in on another device. This can prove to be especially handy when you’re travelling overseas and need to securely log in to services such as online banking.