Published in

DIGITALTANK

2FA — The Second Key To Your Accounts

Two keys are better than one

2FA — also known as two-factor authentication or multi-factor authentication — is like an extra key to your account.

I’m sure that your password is super secure; you don’t reuse it anywhere, you always remember it, and you definitely don’t leave it on a sticky note or in a little book next to your computer. User credentials are not secure.

If you’ve never done it, take a minute to type your email into haveibeenpwned.com. My primary email has been involved in three different data breaches, some of which involved email addresses, geographic locations, names, passwords, and usernames all being released into the digital aether.

Two-factor authentication means that I have one less thing to worry about: my accounts have an extra key on them, and it’s still easy for me to log in when I need to.

There are three different ways that 2FA works: with a phone number, an app, or a hardware key — a USB key that you physically put into your computer. Each has a different level of security: phone number/text messages are least secure (but still MUCH better than nothing), apps are better, and physical keys are best.

Option 1: A physical USB or Bluetooth keyfob becomes your second key.

This is the most secure option, because there’s no digital way to steal the key. The downside is that the keys themselves cost between $25 and $200. Professionals suggest that you get two of them and keep one as a spare. That can get spendy quick.

Google Authenticator App

Option 2: An app on your phone becomes the second key.

When you set up 2FA using an app, you download the app on your phone (the most popular one is Google Authenticator, but there are others). When you sign up for 2FA on a website, the site displays a QR code that the app scans, which adds the site into the app. Every 60 seconds the app creates a different code that the website will be able to use to verify your identity. If your phone gets lost, hacked, or stolen this can be a problem, but you can easily change phones by using the Google 2-step verification page.

Option 3: Your phone number becomes the second key.

When you set up 2FA with a phone number, you give your number to the site you’re using. When you go to log in, you enter your username and password, and then the site texts or calls you with a secret, one-time-use code. You enter the code on the next page, and away you go. The problem with this system is that accounts have been hacked because the hacker called and had the victim’s phone number transferred to a different mobile device, or spoofed cell towers. This is very rare, but since it has happened, phone-number-based authentication is considered less secure.

It takes time, but it’s worth it.

How to set up 2FA on your accounts.

This takes a bit of time, but it’s worth it. Consider it some good, healthy “digital spring cleaning”. Even if it feels like it’s not worth it because you’ve had bad digital habits in the past, putting in the work now means that you’ll be more secure from here on out. It’s worth it. If you wait to create good habits until you realize you’re being taken advantage of, it’s too late.

Step 1: Download an Authenticator App on your phone.

Follow this link to go to the Android app store listing for Google Authenticator, and this link for the Apple App Store. Again, if you’re not a fan of Google, there are other options.

Step 2: Find out what accounts you have.

I have over 450 account credentials saved in my password manager. Not all of them are to services that offer 2FA. If you don’t use a password manager, you can find out what passwords your browser has saved by typing “chrome://settings/passwords” in Chrome or Brave, “about:logins” in Firefox, or going to Menu > Settings > Passwords and autofill in Microsoft Edge. (Though, Microsoft Edge was just rated least-secure browser by a study, so now is a good time to switch to Brave, the browser that was rated most-secure by the same study.)

Step 3: Go to TwoFactorAuth.org

Once you see the list of sites you have accounts with, open up this page in another tab. This is a website whose sole purpose is to collect information on whether or not an online service offers 2FA.

Step 4: Start at the top of the list.

Enter the name of the website into TwoFactorAuth’s search bar. The entry will be highlighted light green if it offers 2FA, and red if it doesn’t. If the site doesn’t offer 2FA, write it down in a note that you can set a reminder for in 6 months, or consider deleting your information and account from the site if it’s one that you don’t ever use.

Facebook offers SMS, Hardware Token, and Software Token (app-based) two-factor authentication.
Dutch Bros does not offer 2FA. If you feel so led, send them a tweet or a Facebook message.

When you click the link on TwoFactorAuth.org it will take you to the homepage of the website (for security reasons). You’ll need to find the profile, settings, or password/security area of each site to set up 2FA.

Make sure to use the three options in order of security: physical key, app, then phone number. (If you haven’t purchased a physical key yet, no sweat. You can, obviously, skip the first option for now.)

Since you’ll be at this for a while, pull up some tunes. I’ve really been enjoying Old Bear Mountain lately. I always enjoy Old Bear Mountain.

Multi-factor authentication doesn’t guarantee that you are 100% hack-proof. It just makes it much, much more difficult for hackers to gain access to your accounts. There are only a few other ways to secure your account that work as well as 2FA, and they’re not as easy to implement.

If you want to support me, please support yourself by downloading Brave Browser (←Affiliate Link) and installing it on your computer and phone. See this article for my how-to on installing Brave.

If you already have Brave, head on over to my website and tip me a few BAT. Thanks!

Right now the world is under quarantine because of COVID-19. Make your time at home matter in the long run. I’ll do my best to publish a privacy how-to every day for the next few weeks. Follow me here on Medium, follow my Facebook page, or send me a message and tell me to start a newsletter.

Top “keys” image provided by Marci Angeles on Unsplash and edited by me.
“Watch” image provided by Mitchell Hollander on Unsplash.

Tank

Writer, coder, learner, designer, father, nerd.
