Two Factor Authentication – It’s No Longer Optional.

There is an old saying that there are two guarantees in life:  Death and Taxes.  Well, when it comes to personal computing, there are two guarantees as well.  Passwords and password changes.  Yes, if you use a computer, a smartphone, or anything that connects to the internet, you have a username and password as a means of identifying who you are in order to access information.

For many years, the standard has been that your username be unique, as well as your password.  This criteria for many years has been sufficient in guarding your account information at your bank, your social media accounts, everything.  However, this is no longer the case.

Two Factor Authentication (2FA)

What is “two factor authentication?”  Simply put, it is a way of identifying yourself by use of multiple pieces of information.  Without getting into the gory details, it means that you are using something else, in addition to your username and password, to verify your identity.  Many corporations have used this type of technology for years.  However, for consumer users of computers, this is something we are seeing more and more each day.

To give an example, lets say you have a Gmail account.  When you login, you enter your username and password and you press enter to login.  If you have two factor authentication enabled, once you login, you would be presented with a screen asking for an additional code to enter.  That code could come in the form of a text message, or through use of an authentication app.  Once you enter that additional code, you gain access to your account.

At this point, I can already hear you groaning at the idea of having to enter something else to secure your account.  Thoughts like, “That’s annoying!”, or, “I have to enter another piece of information to check my email?”, and finally, “This is stupid!  I’m not going to do it!”, I am quite certain are going through your heads.  However, before you make a hasty decision, consider the following scenario.

Vacation Gone Wrongvacation gone wrong

A husband took his wife and kids on a family vacation to San Francisco.  For this trip, the husband brought his smartphone, and instead of a laptop, he decided to bring his Android tablet.  After a wonderful two weeks in sunny California, they decided to hit up Fisherman’s Wharf for some last minute shopping.  After several hours of walking around, they returned to their vehicle only to find both back windows smashed out.  Several items of luggage were stolen, including, the husband’s bag that had his tablet inside.

That tablet had all sorts of apps, such as email, banking and investment apps, all major social media account apps, and the like.  After having to deal with the frustration of having their stuff stolen, this husband spent the better part of the night changing passwords for literally everything in his digital life.  It was at this point that he setup two factor authentication where he was able to do so.

What If It Was You?

Imagine yourself in the above scenario.  Having to frantically change passwords before the other person got to your digital stuff is not fun at all.  If that person had setup two factor authentication on his accounts prior to the theft, that would have at least put up a roadblock for the thief, while that person went down the list to change passwords.  Two factor authentication is not the “magic wand” of security.  It is simply another means of securing your information.  You can either do that, or run the risk of a hacker getting access to your banking information, or deleting all your photos from your cloud account.

Setting Up 2FA

Setting up 2FA (more jargon to impress friends) is very simple, and you may already be using it.  If you have logged into your bank from another machine that you typically do not use, the website may say they have sent a verification code via text message.  This is a form of 2FA.  Another way you can set this up is to go to your social media sites and look under settings/security.  Usually you will find a way to enter your mobile number and enable two factor authentication.

You may download and use apps like LastPass Authenticator, or Google Authenticator.  These apps allow you to setup 2FA with different sites that allow use of such an app.  You scan a barcode that is provided by a website, and once you have it in there, each login you do will require use of that additional code.  A nice feature of 2FA is that you are instantly notified on login attempts.

Many sites that allow, or even force you to setup 2FA also allow you the ability to check a box to remember you on that machine.  This way you do not have to enter a secondary code each time.  A word of caution on this.  By doing so, if your device is ever stolen, and they can get to your apps and have a greater chance of logging into whatever site(s) you have enabled that feature.  I would caution against doing this from your tablet or mobile phone.

No Excuses

Two factor authentication is not a passing fad, but is a standard in computer security.  When considering whether or not to set it up, ultimately the decision rests with you.  However, each week it seems we hear about another company having a security breach.  Therefore, 2FA is no longer something that is optional, but is a necessity in securing your digital life.