Jargon Buster Part 2: Two Factor Authentication

Next story

In this Jargon Buster we’ll look at two-factor authentication, two-step verification and other ways to further secure your logins details.

Image

Two Factor Authentication, or 2FA for short, is an extremely effective and often free way to improve the security of many of your online accounts.

Mark James, ESET IT Security Specialist, is going to take us through some 2FA basics, such as which online accounts you should particularly try to use it with as well as the pros and cons.


2FA: An easy security win


“Two Factor Authentication is a means to protect your private login credentials. The problem with usernames and passwords is that they are easily lost or stolen and in some cases you may not actually be aware they have been compromised.

“By taking something that we know (username and password) and then adding another securing feature like a ‘one-time passcode’ (OTP) you can further protect that login from guesses or brute forced attacks.”

A ‘brute force attack’ refers to someone repeatedly trying to guess your password. Usually this would be performed by a computer rather than an individual: very powerful computers could potentially guess millions, if not billions, of potential passwords per second.

“The passcode can be sent by SMS text, email, generated on a smartphone or small device called a token whenever you try to login.

“Usually the code will have a limited lifespan, a few minutes perhaps, before it expires, is unique and can only be used once. You’ll generate a new code every time you try to login so even if your usernames and passwords are compromised, without the OTP the login will fail.

“The benefits of protecting your login will far outweigh the inconvenience of making the login take longer to complete.

“It’s certainly something you should use for all of your financial logins and if possible any social media or cloud storage data accounts where available.

“The consequences of not using it are simply your increased risk of being compromised: with so many logins consisting of our email addresses when one data breach happens they already have 50% of your login details.”

If you are interested in using Two-factor Authentication on any or all of your online accounts, you can see which websites offer a 2FA option here.


Did you use two-factor authentication before reading this? Will you now?


Join the ESET UK LinkedIn Group and stay up to date with the blog. If you’re interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.