What is two-factor authentication?
Also known as “2FA” or “TFA,” two-factor authentication is considered an added layer of protection that requires a username and password, along with a second method of verifying your identity, such as a fingerprint, retina scan, bank card or even a smartphone application.
How does two-factor authentication work?
Simply relying on a username and password is no longer sufficient to protect against identity theft.
Essentially, two-factor authentication gives you extra protection by requiring something you know – a password, for instance – and something only you can have, like your phone.
An example of two-factor authentication might be when you request bank information online.
After entering your pre-determined password, your bank might send your phone a second code, like a PIN number, which will be required before your data is accessible.
A hacker may know your password, but if they don’t have your phone to access the PIN number you’ve been sent, they hit a roadblock.
Another example is when you visit an ATM to withdraw cash or check your bank balance.
ATM’s require both a bank card that the authorized user possesses, along with a personal identification number that the user must know.
Without either of these things, access will be denied.
Common types of two-factor authentication:
- Hardware tokens are small security devices, such as a bank or “smart” card or key fob that provide the owner with access to something such as a computer, ATM, or even entry to a building.
- Push notifications allow a particular applications, such as a smartphone app, to notify a user about activity on an account.
- Mobile passcodes and SMS passcodes generate new passcodes that are unique and ever-changing.
- Phone callbacks rely on your phone for security access. Your phone will receive a call and you will be given a specific prompt to follow – such as pushing a particular key combination – to authenticate access to your account.
Where can I use two-factor authentication?
Use of 2FA security methods has only grown in recent years.
Gmail, for instance, can send users a code through text message when an attempt to log in to an account is made from an unknown machine.
Facebook relies on a service called “Login Approvals,” which, like Google, can send its users a code via text message when someone tries to log in through an unrecognized or new machine.
Apple, Twitter, DropBox, PayPal, Microsoft, Yahoo!, LinkedIn, and Amazon also uses similar two-factor authentication that involve apps or text messages.
TwoFactorAuth.org has compiled a helpful list of popular websites and whether they support two-factor authentication.
The site allows visitors to browse via categories, such as banking institutions, cloud services, domains, entertainment, email, and more.
Simply choose a category and browse the sites; each will either note that it is supported (and will identify whether it is through software, phone, hardware, or other methods) or, if it isn’t, will say, “No 2FA.”
The list even allows you to send a Tweet to sites that don’t use two-factor authentication, urging them to beef up their security by using the method.