Two-Factor Authentication: What is it and why do I need it to stay safe online?
March 13, 2018
Today, Americans are living more and more of their lives on the internet. We shop, bank, socialize, work and play online. But as our digital lives become increasingly important, they are also exposed to greater risks. Hackers are lurking around every corner ready to steal our identities, drain our bank accounts, and lock us out of our computers. That’s why we need to take extra precautions to safeguard our digital world.
You might have heard of two-factor authentication (2FA) and wondered what it is. In fact, it’s an increasingly important tool in the fight to stay safe online. Together with security software for your PC/mobile device and a password manager, it forms a kind of Holy Trinity of digital security. Here’s what you need to know.
First, why again is it important?
Data breaches are the new normal. More data was stolen in the first half of 2017 than for all of 2016. These breaches have in the past hit some of the world’s biggest retail chains (Target, Home Depot, TJX); hotels (Hyatt, Hilton); internet companies (Yahoo, eBay, LinkedIn) and many more. The result has been theft on a massive scale of the password/username combinations you use to access your accounts with these firms. With these credentials in hand, the bad guys can hijack those accounts — and any others you share the same passwords for — to drain your funds, locate more sensitive personal data, and buy goods and services in your name.
There are literally billions upon billions of breached log-ins circulating on the dark web. Last year, Yahoo alone admitted a breach of three billion user records. And in December 2017, a database of 1.4 billion stolen usernames and passwords — the biggest of its kind ever found — was discovered on a hidden site, all set up for hackers to use.
What does all of this mean? Practicing good password security is certainly still a good idea. But the steady stream of never-ending breaches will continue to put your log-ins at risk, and make managing the security of your online accounts a burden. Here’s where two-factor authentication can help.
How does it work?
Two-factor authentication provides an extra layer of security for your account, making it harder for the bad guys to gain unauthorized access. With 2FA, knowing the username and password alone is not enough to get in — you also need a second “factor”: something you know (e.g., your mother’s maiden name); something you have (e.g., a code issued via SMS, or by an app or dongle); or something you are (e.g., your fingerprint) that a hacker doesn’t (or isn’t). We focus here on the second kind — a code which constantly changes or expires after use. It can be delivered to you by text message or a secure application on your device/computer, making it virtually impossible for the hacker to get hold of.
We’ll start with the most common and easiest-to-use 2FA app.
How do I set it up?
Google Authenticator is the most widely used 2FA app on the market, thanks to the popularity of Google services such as Gmail and Google Calendar. This free app for Android and iOS can secure not just your Google account but many other non-Google accounts such as Dropbox, Twitter and Facebook. To set it up follow these easy steps:
- Download the Google Authenticator app from Google Play or the App Store
- Set up 2FA by logging into your Google account and going to “Security and Sign-In” → “Two Step Verification” → “Authenticator App”
- Select your device type (iPhone or Android)
- Open the Google Authenticator app and tap the + button
- At the bottom of the screen, choose either “Scan barcode” or “manual entry” to connect the app to your Google account. The first will require you to scan a QR code on your computer screen (i.e., using the Google Authenticator app QR code scanner). Or choose the second to have a 16-digit code sent to your email address.
- Toggle the “Time-based” option to ON.
- Now each time you log in to your Google account, it will ask you to input a six-digit code. Open the Google Authenticator app and the new one-time code will be there, which you enter into the 2FA field on the website, enhancing your security.
- To add new accounts to Google Authenticator simply enable 2FA in that account and then go through the QR code-activation process again.
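What the app and the website each compute once the key has been shared and “Time-based” is on, as an added example (not code from this post or from Google): the standard time-based one-time password algorithm, RFC 6238, plus a server-side check that accepts each code only once. The secret is a constructed sample value, and the names `totp` and `Verifier` are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30      # seconds each code stays current
DIGITS = 6     # length of the code the app displays

def totp(secret_b32, unix_time):
    """Code for the 30-second step containing unix_time (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Server side: tolerate small clock drift, accept each time step once."""
    def __init__(self, secret_b32, drift_steps=1):
        self.secret = secret_b32
        self.drift = drift_steps
        self.last_step = -1     # highest time step already accepted

    def check(self, code, now):
        current = int(now) // STEP
        first = max(0, current - self.drift)
        for step in range(first, current + self.drift + 1):
            expected = totp(self.secret, step * STEP)
            # A step at or below last_step was already used: reject replays.
            if step > self.last_step and hmac.compare_digest(expected, code):
                self.last_step = step
                return True
        return False

# Constructed sample secret (the RFC 6238 test key, base32-encoded);
# a real one is generated per account and carried by the QR code.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    import time
    print("current code:", totp(SAMPLE_SECRET, time.time()))
```

The shared secret never travels at login time; only the short-lived code does, which is why a password stolen in a breach is not enough on its own.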
Things to consider
Do you access your Gmail or Google Calendar from any application besides the ones supported by Google? If so, you will need to generate application-specific passwords. This is required because the applications may not have the ability to work with the Google Authenticator app and request the code when logging in. Creating app-specific passwords allows you to use non-Google-linked apps to access your Google account data (Outlook for instance). If your device is lost or stolen, you will need to revoke the application-specific password to prevent unauthorized access.
What if I lose my mobile phone or laptop?
If you lose the device with the authentication app, your accounts could be compromised if you don’t act quickly. Should this happen and you don’t have a PIN lock enabled, use another one of your devices outfitted with an app like Trend Micro Mobile Security, which you can use to lock or wipe the lost device. Wiping the device is a tough decision to make, but if it ends up in the wrong hands, someone could get into your accounts, change your passwords, and effectively hijack your accounts.
Next, you need to stop that 2FA application on your lost device from generating one-time codes. Most two-factor authentication applications have a way of doing this in case of exactly these circumstances. It’s a good idea to set up a new device in your possession with a new 2FA app. That way, if the thief managed to get some of your passwords before you wiped/locked the device and then tries to access your accounts, they will be blocked.
Re-establishing a new device for managing the two-factor authentication codes should not be too burdensome. Google Authenticator, for example, issues a back-up code when users first sign up, which they can use in the event of a lost device. Note: most 2FA apps will only work on one designated device at a time — they’re designed like that to reduce the size of target you represent to the bad guys. However, Authy can work across multiple devices, increasing flexibility.
How many two-factor authentication apps are there?
Most popular sites on the web today have an option to turn on 2FA to secure your account, and the market is flooded with apps you can use to manage your 2FA log-ins from a single place. We won’t list them all, but here are a few of the most popular:
Google Authenticator: As described, this is one of the best-known and easiest to use.
Microsoft Authenticator: A free 2FA app which will link to your online accounts via the QR code scan mechanism.
Authy: A good alternative to Google. It works across multiple devices, so if one gets lost or stolen — or if you’re the kind of person who frequently upgrades their devices — it’s less hassle all round.
Trend Micro support
As mentioned, two-factor authentication is an additional factor for your safety, not sufficient unto itself. In fact, for maximum protection, you need 1) security software, 2) a password manager, and 3) an authenticator. Only with all three in place will you be assured of the best privacy and identity protection when accessing online accounts.
Trend Micro can help with 1) and 2). Our award-winning Trend Micro Security software consistently earns the highest rankings in independent lab tests, while Trend Micro Password Manager, bundled with Trend Micro Maximum Security, helps users securely store and manage their online log-ins from any location, on any device and browser. It works well in tandem with leading 2FA apps.
Watch videos to learn more about Trend Micro Security 2018 for Home.