What is two-factor authentication and why you should use it

Submitted by Freedomman on Thu, 11/30/2017 - 13:05

Two-factor authentication can make your online accounts practically impossible to hack.

November 24, 2017 - Having a strong, unique password might not be enough if hackers trick you into giving it away or steal it from your email provider or bank.

That’s why for your most sensitive accounts - think your email or banking accounts - you should set up two-factor authentication (2FA). This simply means adding a second step to log in to your accounts. The first step is the password. The second is either a code sent to your cell phone via text message, or one created by a special app on your phone. Even better, the second step can be inserting a physical token such as a security key.

Hackers are getting better at phishing 2FA codes, or at stealing them by taking advantage of flaws in SS7, the backbone of cellular networks worldwide. Security keys are therefore the most secure way to do two-factor authentication and the best way to make phishing practically impossible. You should avoid using SMS if possible, as it’s a two-factor method that’s relatively easy to attack.

With SMS or app-based 2FA, hackers can still trick you into giving those codes out to them. But a physical security key can’t be phished. A hacker would have to steal your password and then physically steal your security key to hack into your account. The security advantages provided by security keys are the reason Google has launched a new feature called Advanced Protection, which requires the use of these physical devices.
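Why a code can be given away while a security key's answer cannot, as an added example that is not part of the original article: the app code follows RFC 6238 (TOTP), and the security key is a simplified model in which HMAC stands in for the key's public-key signature. The origins, device key and challenge are constructed sample values.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), as generated by authenticator apps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_code(secret: bytes, submitted: str, unix_time: int) -> bool:
    # The server receives only digits. Nothing in them records which site
    # the user typed them into, so a code passed along by a look-alike page
    # is indistinguishable from one entered on the real page.
    return hmac.compare_digest(totp(secret, unix_time), submitted)

def key_response(device_key: bytes, challenge: bytes, origin: str) -> bytes:
    # Simplified model of a security key: the browser reports the origin of
    # the page it is actually on, and the response covers that origin.
    # Assumption: HMAC stands in for the key's public-key signature.
    return hmac.new(device_key, challenge + origin.encode(), hashlib.sha256).digest()

def server_accepts_key(device_key: bytes, challenge: bytes, response: bytes,
                       own_origin: str = "https://bank.example") -> bool:
    # The server checks the response against its own origin only.
    expected = key_response(device_key, challenge, own_origin)
    return hmac.compare_digest(expected, response)

def compare_methods() -> dict:
    secret = b"12345678901234567890"        # RFC 6238 test secret
    device_key = b"constructed-device-key"  # constructed sample value
    challenge = b"constructed-challenge"    # constructed sample value
    now = 59                                 # RFC 6238 test time
    code = totp(secret, now)
    real = key_response(device_key, challenge, "https://bank.example")
    lookalike = key_response(device_key, challenge, "https://bank-login.example")
    return {
        "code": code,
        "code_from_lookalike_page_accepted": server_accepts_code(secret, code, now),
        "key_on_real_site_accepted": server_accepts_key(device_key, challenge, real),
        "key_on_lookalike_site_accepted": server_accepts_key(device_key, challenge, lookalike),
    }

if __name__ == "__main__":
    print(compare_methods())
```

The six digits verify no matter where they were typed, while the key's response only verifies when it was produced for the real site's origin.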

With two-factor authentication, even if hackers steal your passwords they still won’t be able to get into your accounts.