I concede that usernames and passwords are a pain in the butt, and who really wants to add to that pain by adding a second layer of authentication when the first layer is already frustrating? But if you’re interested in keeping your most important accounts secure (and I hope you are), then enabling two-factor authentication is absolutely necessary and the single best thing you can do to keep your online accounts secure from hackers (although pairing 2FA with a password manager would be even better).
What Is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is analogous to having a debit card to withdraw cash at the ATM or to pay for groceries at the checkout line. You can’t pay for things with just your PIN, nor with just your debit card: you must have both. The payment gateway essentially asks two questions: “Who are you?” and “What do you have to prove you are who you say you are?” Your personal identification number (PIN) answers “who are you?” and the magnetic strip on your debit card answers the question of proving you are who you say you are. 2FA replicates those questions: your username and password answer “who are you?” and your phone answers “what do you have to prove it?”
How Does This Help?
Imagine this: a hacker compromises your username and password to your bank account(s). There are a million-and-one ways hackers can do this. One technique leverages social media and our psychological need for connection. So, frankly, your usernames and passwords are probably already compromised and listed on the Dark Web. A quick search using the “Have I Been Pwned” tool will reveal this; however, if you have 2FA enabled on your online accounts, it doesn’t matter if anyone or everyone has your username and password—no one else is likely to have your smartphone! Even on the off-chance someone else has your smartphone, you’ve [hopefully] secured it using biometrics like fingerprints or iris recognition so that your 2FA token is protected under another layer of security; furthermore, most modern smartphones can be locked and shut down remotely.
Two-Factor Authentication (2FA) Apps
Although there are several options, Firewell Technology Solutions agrees with The New York Times’ Wirecutter (Klosowski 2020) recommendation of Twilio’s Authy as the best two-factor authentication app. As The Times reports in helpful detail, Authy has the edge over other 2FA apps (like Google Authenticator, for example) for a few reasons:
- Authy is available for both iOS and Android.
- Authy is compatible with any site or service that uses Time-Based One-Time Password (TOTP). Services might not specifically mention Authy as a compatible choice, but if the service mentions Google Authenticator as an option, Authy will also work.
- Authy uses an intuitive grid-based design along with icons for each service generating a TOTP.
- Authy has a useful option—although disabled by default—to back up your tokens online, encrypted with a password (so even if Authy is hacked, no one will get access to your tokens). However, if you forget your backup password, you won’t be able to recover your tokens either.
- Authy supports multi-device deployment (so you can have Authy sync tokens among multiple devices). I would advise disabling this feature once you have Authy deployed to your devices in order to prevent unwanted deployments to other devices.
In Short
Use two-factor authentication (2FA) to keep your online accounts more secure than merely having a username and password.
Firewell Technology Solutions recommends Authy.
Firewell Technology Solutions also recommends using a password manager to generate, store, and encrypt unique, strong passwords for all of your accounts.
We’re Here to Help
Do you need assistance in getting two-factor authentication set up on your personal accounts or throughout your business?