Two-Factor Authentication: More Than Just a Text Message

Living with two-step verification by Jonathan Wylie

For years, IT professionals have been telling us to create strong, unique passwords to help us stay safe online. Not everyone knows what a strong, unique password is, but if you sign up for a new web-based service, the chances are high that it will force you to choose a password that has at least 8 characters and includes a number, a capital letter and/or a punctuation character. However, in the world of data breaches we now live in, a strong, unique password is no longer enough. Enter two-factor authentication.

Two-factor authentication adds an additional layer of security to your online data. It means that even if someone does get their hands on your password, they will need to perform an extra step to verify that the right person is accessing your account. This additional step is available in a variety of different forms, depending on the service you are using. Here is a look at some of the more common options.

Text Message Codes

Perhaps the most common form of two-factor authentication is a six-digit code that is sent to your phone via a text message. This means that in order to sign in to your online account, a hacker would have to have access to your password and your phone. While this sounds secure, SMS verification is not as secure as you might think, and privacy groups will tell you that giving your phone number to an online service is another way they can collect data on you to help sell ads.

Authentication Apps

One alternative to SMS codes would be an authentication app like Authy, Google Authenticator, or Microsoft Authenticator. These apps generate random codes that you can use in place of the text message code that is sent to your phone. You set it up by scanning a QR code in the security settings for the service you want to access so that you can link the app to your account. Then, when you are prompted to enter your two-factor authentication code, you simply open the app on your phone and enter the code that is displayed. When you use an authentication app, you don’t need to give your phone number to online companies, and the ability to intercept your text messages is removed.

Backup Codes

Some services will let you use backup codes. These are basically an offline version of the six-digit codes that you are sent by text message. You can print a copy to have with you if you are going to be without your phone for a period of time, or are traveling overseas without access to mobile data. However, they are called backup codes for a reason. They are not meant to be used on a regular basis because although backup codes are not exactly the same as writing your password down on a piece of paper, they are pretty much the next best thing.

Security Keys

A fairly recent option for two-factor authentication is the security key. You can buy USB security keys on Amazon and other places. They are supported by sites like Google, Facebook, Dropbox, and Microsoft. To activate a security key, you log in to your account, click on the security settings, and then follow the steps to register a security key. Once enabled, you can skip the six-digit code and simply plug in your USB key to verify your identity. If you don’t have your USB key to hand, you can verify with a text message or authenticator app instead.

Google Options

Google supports all the methods detailed so far, but it has a couple of unique options too. One is called Google Prompt. You can enable this in the security settings of your Google account. Again, it replaces the six-digit text message code. Instead, all you need to do is open the Gmail app on your phone and tap a button to confirm your identity. If you have Gmail notifications enabled, you can even do this from the notifications menu. It works on iOS and Android phones.

If you have an Android phone, you can also use it as a security key to access your Google services via the Chrome browser. A recent update allows you to use the same technology to verify sign-in on an iOS device. All you need to do is have your Android phone close to your iOS device when you are signing in to your Google account.

Security vs Convenience

Two-factor authentication is an important security step for anyone to consider. Yet, many people don’t bother. Why? There is an inverse relationship between security and convenience. The more secure something is, the more inconvenient it is. Two-factor authentication does slow down access to your favorite sites, and not all websites support it, but the peace of mind you get from adding an additional security layer is hard to beat in a world that relies on online apps and services.
