What the heck is Two Factor Authentication, sometimes called Two Step Authentication? The most important thing that you need to understand is why this is so important, how easy it is to get in a habit of setting it up on absolutely every important website and app, and why this is your best line of defense when you need to protect yourself and protect what I like to call your digital assets.
Imagine you lived in a really nice studio apartment in downtown New York City. Let’s imagine, at the entrance to your building, there isn’t a doorman but instead, a digital keypad. To enter the building, you have to enter a specific series of numbers. Of course, you could share these numbers with your roommate or your friends and family members. Think of that first place where you’re entering a number or a code as the first layer of protection, the first layer of security or, in other words, the first factor of security.
Okay. Now, we’re in the building, and once we’re in the building, we make our way up to your apartment door. Once we’re at your apartment door, there’s another keypad where I have to enter a code. That would be the second factor of security or the second layer of security, if you will.
Let’s just pretend that there was a bad guy that found his way into the building and somehow he’s figured out the access code to the lock on your door, your apartment door. Well, that’s okay because you have a third factor of security or a third way to authenticate who it is that wants to come in. And now, that third layer of security is going to protect you.
So if you understand factors as layers of security, I’m sure you’ve already decided that you are most comfortable with at least Two Factor Authentication. Back in the old days, we didn’t have to locks our doors. But as times changed, people realized that security was pretty important and they moved from just having a simple lock on their door to having a deadbolt or high-tech security and the same is true with the Internet. Our passwords use to afford us enough protection. Now, passwords can be easily retrieved through social engineering and other means.
So if someone were to get your password which is not that difficult to do, that’s just one factor of security. By using Two Factor Authentication or Two Step Sign-In Process, what you’re doing is creating that extra layer of protection.
Here’s how it works. I have a password for, say, Twitter. And when I sign in with Twitter, it now will say, “Okay, great. You’ve signed in.” And we’re going to auto generate a code which no one has is generated the moment you enter your password, and that code will be sent to a device, only one device, a device that I registered to my phone number. That’s a second factor of security.
So it’s not just me entering my password, but I’ve also enabled Two Factor Authentication. In other words, I’ve given Twitter or whatever platform you’re doing this on, I’ve given them permission to say, “yes, I would like for you to require a second layer to authenticate the fact that it’s me”. So, just in case someone has my password, they would get this code automatically generated but it would only be sent to the place that I have determined it to be sent, which 90% of the time is going to be your singular cellular device.
The steps that I have just described create two factors of security or two factors of authentication. And you might be wondering, well, but what if somebody has your phone, Chalene? What if you’re in an airport and somebody sees your phone is sitting there and this code just pops up on your phone? Well, that’s why I personally choose to have a third factor of authentication and that’s my fingerprint.
Now, even if you have my password and you have my phone, you can’t see the code on my phone unless you have my fingerprint that allows you to open my phone. You can’t open my phone unless you have my fingerprint or my security code that I used to lock my phone. All of them are reason why you must lock all of your devices that includes desktops, laptops and your smartphones, and where it’s available, use fingerprint detection.
Now, there are ways around this. It’s possible the same way that it’s possible somebody could break into a bank with 20 layers of security. It’s possible. Our job is to make it more difficult to make it tougher to get in, to create as many layers of authentication or security as we feel are necessary to make us feel comfortable. Do you have to use Two Factor Authentication in all of these sites? You don’t but you’re leaving your front door wide open. Your action step today is to take a look at every one of your important accounts, social media, banking, email, you name it, log in and set up Two Factor or Two Step Authentication.
Now, keep in mind that many sites call this something different. They might call it Two Step Verification, Two Step Authentication, Two Factor Authentication. It doesn’t matter what they call it. You want to make sure if they offer it and you’re using it.
For a list of websites that offer Two Factor Authentication, you can go to this web address, twofactorauth.org. There, you can type in the name of the web address or software program that you’re using to quickly find out if they offer Two Factor Authentication.
And as just an extra third layer or third factor of safety for you, make sure you’re using a passcode on your phones and all other devices and not one the people can guess like 111, 1234, or your birthdate. Make sure it’s auto generated and it’s random, otherwise, people can figure it out and perhaps a fourth layer of verification is this.
Many sites now give you the ability to actually see log in activity. This gives me the ability not only to see where the person might be logging in from but on what type of device they’re using. This is great. Even when somebody on my team upgrades their phone, they have permission to log in to a particular account, I still get a notification letting me know a new device and a new location has currently logged in, and that gives me peace of mind.
Of course, we have to consider convenience. But when in doubt, create as many layers of protection, security, authentication as is still reasonable and convenient and secure for you.