Two-Factor Authentication

What Is It?

Generally speaking, the online services that we use regularly only require one form of authentication: a password. You tell the website who you are (your username) and then verify that you actually are who you said you are (with your password). Two factor authentication is exactly what it sounds like. Rather than having a single authentication factor, you have a second piece of information to identify yourself. Depending on the use, this may be a physical key that must be present when you type your password, it could be a fingerprint scan, or it could be a specially generated code that changes over a period of time. The most common two factor authentication for online services involves a 6-digit numeric code that gets regenerated every 30 seconds or so. Your phone or other device knows a secret about creating this code, and the online service you're using knows the same secret. When you go to a website to login, you enter your username and password. You are then prompted for the 6-digit code that is valid for that exact moment in time. Google, Facebook and many other popular sites both this method. Other services, such as Twitter, opt to send your phone a text message with a unique code when you try to login, which still requires access to your personal device.

Why Should I Use It?

If you haven't noticed, data breaches are getting a little too common these days. We're living in an era of technology and in a time when "data" is a buzzword among tech companies and news stories. Tech giants have your data, and everyone else wants to take it. Until the last several years, we have relied on passwords (and weak ones at that) to verify identities. With fast computers, it takes much less effort to crack passwords than it used to. The beauty of two factor authentication is that it doesn't matter who has your password. In order to login to my Gmail account, someone must know my username, password, and have physical access to one of my electronic devices during the exact moment he/she is trying to login.

Where Do I Start?

Some services have different solutions to this security problem, but luckily most of them support an open authentication standard. Google has created an app on iOS and Android called Google Authenticator. Getting started is as simple as going into the settings of whatever site you want to enable authentication on (Gmail, Facebook, etc.) and scanning a QR code on your computer with the Google Authenticator app. While this app does a great job of keeping things simple, it's just a little too simple for me. For instance, if I ever lose my device I have to reset all of the authentication codes for every service I use. You're also out of luck if you don't have an iPhone, iPad, or Android device.

--

--

UI/UX Developer, Musician, Photographer, & Oxford Comma Enthusiast. | CTO at Kommander Software (@detailkommander).

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jordan Kicklighter

Jordan Kicklighter

39 Followers

UI/UX Developer, Musician, Photographer, & Oxford Comma Enthusiast. | CTO at Kommander Software (@detailkommander).