Keep cyber criminals at bay, use 2FA!

One of the easiest ways to better protect your online accounts is using something called 2FA, or 2 Factor Authentication. Don't worry, it's not difficult to set up or hard to use, but it will pretty much stop cyber criminals being able to access your accounts!


What is 2FA?

2FA is basically a way to improve security on your accounts by requiring an extra piece of information during login. Now, don't worry, it really isn't a big inconvenience! Instead of logging in with just your username and password, you have to provide a 3rd piece of information. To get started, you enter your username and password as normal:


[Image: Facebook login form]


Once you've done that you'd normally be logged in to your account, but if you have 2FA enabled there is an extra step.


[Image: Facebook login code prompt]


The specific example I'm using here is Facebook, and their app on your smartphone will provide the login code. When you try to log in to the website, you will get a notification on your phone to prompt you to open the code generator.


[Image: Facebook notification]


You click the notification, unlock your device as normal and the Facebook app will open on the appropriate screen.


[Image: Facebook Code Generator]


You simply enter the code from the Facebook Code Generator into the website and then you're logged in to your account. It's that easy! The added security here comes from requiring the additional code to log in. If an attacker somehow manages to get hold of your password, when they try to log in to your account they will also be asked for the code, and at that point they will be stuck as they don't have it!


Protect your email accounts!

Your email accounts are probably the most important accounts you have to protect online. If a cyber criminal can log in to your email account, they can usually reset the password on other services that you use by going through the password reset process and receiving the reset email. Most large email providers now offer 2FA and you absolutely must enable it if you want to keep your account more secure.


GMail: https://myaccount.google.com/security/signinoptions/two-step-verification

Outlook: https://account.live.com/proofs/Manage


You will notice that the phrase Two-Step Verification or 2-Step Verification (2SV) is used sometimes too, like on the GMail and Outlook pages above. Whilst there is a technical difference between 2FA and 2SV, for the purposes of this article I'm not going to detail it. They both add an additional layer of security to your account and this is exactly what we want.


You probably already use 2FA...

Some of you may be sat there thinking that this sounds like too much of a burden or a hassle to have to do every time you log in, but you likely already do it. Have you ever used one of these or something similar?


[Image: Barclays PINsentry]


This is what my bank gave to me and is what they refer to as a PINsentry. When I log in to my online banking I have to pop my card in it, type in my PIN number and it gives me an 8-digit code to type into the website before I can log in. Or, in other words, 2FA! The only difference is that when you enable 2FA or 2SV for your online accounts you don't need to carry around your card or a little device; it can all be done with an app on your phone, or the codes can be sent to you via SMS like Twitter does.


How do I know if the site has 2FA?

You can have a look around in the Account section and see if there is an option to turn on 2FA or 2SV, but there's also a handy site that you can do a quick search on before you start digging.


[Image: checking a site for 2FA support]


Head over to twofactorauth.org and type in the name of the site you want to set up 2FA on. It will then let you know whether the service supports 2FA.


[Image: 2FA on GMail]


Getting started

I'd recommend setting up 2FA on your really important accounts like email first, and then social media. When you go through the setup process, the site will tell you which app you need to download for your smartphone (most can be done with Google Authenticator or Authy). I'm going to write up guides for some of the big sites and publish them at a later date, so check back. For now, you can use the following links to set up 2FA or 2SV on some key websites you may have accounts on:


Facebook: https://www.facebook.com/settings?tab=security&section=code_generator&view

Twitter: https://twitter.com/settings/security (Security -> Login Verification)

Snapchat: Open the app, go to Settings and then Login Verification.

LinkedIn: https://www.linkedin.com/psettings/two-step-verification

GitHub: https://github.com/settings/security

PayPal: https://www.paypal.com/cgi-bin/webscr?cmd=_security-token


If you set up 2FA then please leave a comment below to let me know!


Scott.
Short URL: https://scotthel.me/get2fa


About Scott
Researcher, blogger and international speaker. I'm the creator of report-uri.io and securityheaders.io, free tools to help improve online security.