Double the Protection: Why Two-Factor Authentication Is a Must
A simple step that makes it twice as hard for hackers to break in.
Welcome back to The Cyber Minute, a five-part series packed with bite-sized, high-impact cybersecurity actions you can take in less than 10 minutes.
In Part 1, we tackled one of the most obvious (but often overlooked) vulnerabilities: weak passwords. Now that your credentials are stronger, let’s talk about a quick, powerful way to make your accounts even more secure: Two-Factor Authentication (2FA).
One of the most effective ways to protect accounts, both personal and business, is to use two-factor authentication (2FA). It’s also called multifactor authentication (MFA), and some sites call it two-step verification. Use two-factor authentication for email. For banking sites and banking apps? Absolutely! I also suggest turning it on anywhere and everywhere it is offered.
Two-factor authentication is a security process in which users must provide two different authentication factors to be verified. This better defends both the user’s credentials and the resources a user can access. 2FA adds an additional layer of security to the authentication process. This makes it harder for attackers to gain access to devices or online accounts because just knowing the victim’s password is not enough to get past the authentication check.
The two factors involved typically include something you know (like a password or PIN), something you have (like a smartphone or a security token), and/or something you are (like a fingerprint or other biometric data).
Two-factor authentication is already very common: for example, logging onto a website and getting a multi-digit code via text that must then be entered. But websites are moving away from this method because hackers are developing the capability to exploit vulnerabilities in SMS (text messages) and intercept this code (I’ll describe this in more detail later when I discuss mobile device takeover schemes).
If a hacker can guess or crack your password, then having two-factor authentication turned on will prevent the hacker from being able to log into your account. By requiring a second form of identification, 2FA makes it significantly more difficult to impersonate a user and gain access to computers, accounts, or other sensitive resources.
The best 2FA methods
Biometrics
Biometric authentication uses unique physical characteristics of an individual to verify their identity. Common methods include fingerprint scanning, facial recognition, iris or retina scanning, and voice recognition. However, biometrics aren’t foolproof. They can be tricked (though it’s very difficult) and, unlike a password, if compromised you can’t change them.
The advantages of biometrics are: 1) high security (they are unique to each individual and difficult to replicate or steal) and 2) convenience (users don’t have to remember passwords or carry additional devices).
The disadvantages are potential privacy concerns: biometric data is sensitive, and some people do not want it stored by third parties. Also, some systems might struggle with accuracy in different conditions (e.g., poor lighting for facial recognition).
Authenticator apps
These apps generate a time-sensitive code on a user’s mobile device. Popular examples include Google Authenticator, Microsoft Authenticator, and Authy.
The advantages are that these are more secure than SMS-based 2FA, since they are less susceptible to interception or SIM-swapping attacks, and they are convenient for users who have a smartphone. The disadvantage is dependence on a device: if a phone is lost, stolen, out of power, or used internationally, access can be problematic. Also, not everyone has a smartphone.
Hardware tokens
These are physical devices (like a USB key or a small fob) that generate a passcode or use a push button to authenticate a login. YubiKey is a well-known example.
The advantages are that they are not connected to the internet and are thus less vulnerable to remote attacks. They are easy to use, often requiring just a button press or a USB slot. The disadvantages are that they can be lost or damaged, and replacing them can be costly. They also add the inconvenience of carrying an extra device.
Take 10 Minutes to:
Turn on 2FA for your email, banking apps, and any site that offers it
Download and connect an authenticator app like Authy or Google Authenticator
Review your login methods and upgrade from SMS to a more secure 2FA option
Cybercriminals aren’t just guessing passwords anymore; they’re exploiting gaps in weak authentication methods. By adding a second layer of protection, you’re making it exponentially harder for anyone to access your personal information, even if your password gets compromised.
In Part 3, we’re diving into Antivirus protection and what you actually need to keep identity theft at bay.
For detailed step-by-step instructions on how to protect yourself, purchase my book, Cybersecurity: Everything You, Your Family and Every Small Business Owner Needs to Know