
Two-Factor Auth for the non-technical...

So in this post, I wanted to go over some high-level information on Two-Factor Authentication. My goal here is to provide just enough information to enable the not-so-technically-savvy person to get a grip on stronger security methods for their online accounts. So if you're looking for an in-depth guide to two-factor, this might not be what you're looking for. If you just want to get some info on how to better secure some of your accounts, then I think you've found the right place. Here, we'll go over things like:
  • What is Two-Factor Auth?
  • Why do I want to use it?
  • How do I use it?
In posts to follow, I'll go over how to set up Two-Factor Auth on various accounts, such as Facebook, Amazon, Google, Yahoo, Outlook, etc. So let's dive in.



What is Two-Factor Auth?

Two-Factor authentication is really what it sounds like. You have your user name and password (1-factor), then you have something else. Typically it's a code from your mobile device or key fob. Occasionally it's something like a fingerprint or retina scan. But for most of us, you'll only use the code from your mobile device.

Most accounts are set up so that you can either use an authenticator app or receive codes via SMS. Both are really simple to use and relatively easy to set up. We'll go over apps later here, and I'll follow up with some other guides on setting up two-factor with various accounts.

Why do I want to use it?

The easy answer: because you want an additional layer of security on your accounts. With two-factor authentication enabled, an unknown device will need your user name, password, and your phone to successfully log in. That also means that you will need all three too.

A vast majority of the time when someone's Facebook account has been hacked, it's because the 'hacker' was able to guess their user name and password, or they received an email asking for their credentials and gave them away... (PSA side note: any respectable online service will never ask for your user name and password. If you get an email asking for these, please mark it as SPAM and delete the email... DO NOT RESPOND.) With 2-factor auth enabled, it's now much more difficult to get in, because the attacker also needs a special code from your device. The big key here, though, is that you can't lose your device... Most online services can provide you with backup codes that you can print off and save in a secure location in the event that you lose your device.

How do I use it?

For most accounts, you will need to go into your account settings, and buried there (usually with or close to the change password options) you should find an option to turn on Two-Factor authentication. Virtually all (if not all) of the online accounts will use SMS by default. This is the fastest and sometimes easiest way to get up and running. You can also use an authenticator app. I've listed some apps that I've used to set up 2-factor authentication, along with my notes on them. In future posts, I will go over setting up 2-factor auth with SMS and with the DUO Mobile app (my favorite by far). Here is some more information on apps that can be used:

SMS

This is the simplest way to use two-factor authentication. Basically, once enabled, after you provide your user name and password, the account will ask to send a code to your phone. Once you receive this code, you enter it and log in. No extra app is needed, and it follows you from phone to phone. This is typically the primary backup method for almost all online accounts, because people change phones and forget to set up the authenticator app on the new device.

DUO Mobile

My favorite, by far. Once the app is installed, you just go to your account settings to turn on 2-factor auth, and once presented with the QR code, select the Key icon with the plus symbol (+) in the upper right and scan the code. Then the account has been added. When you need to log into a site, you simply go into the app, select the key icon next to the account you're logging into, and use the key provided. Super easy to set up and run with. This is my go-to for every account that works with it, and the app I'll be referencing in future posts for setup. For more information on DUO Mobile, check out their website here: https://duo.com/solutions/features/authentication-methods/duo-mobile

You can download their app from either Google Play or the App Store.

Rublon

Rublon is an alternative to DUO Mobile. It works just as well and with similar features. I've implemented Rublon on various websites that I've worked on (mostly WordPress) and it works great. However, I haven't used their app for other social media accounts, and quite frankly, I don't think it was made for that either. More information on Rublon can be obtained from their website: https://rublon.com/

Google Authenticator

This app works with multiple Google accounts, but lacks support for different types of accounts. For more information on Google Authenticator, see their support document here: https://support.google.com/accounts/answer/1066447?hl=en

Microsoft Account App

Only works with Microsoft accounts. Extremely limited. For more information, please see http://www.microsoft.com
