How to protect your online accounts using 2FA (Two-factor Authentication)

Introduction: Why do I need to protect myself?

Now more than ever, our daily lives are increasingly tied to our online presence. And with it, the global threat of hackers and key-logging viruses is increasing as well.

Have you ever used the same password for more than one account? Most people are aware they should use a unique password for each account, but many choose not to because memorizing them is inconvenient or difficult.

But that’s not all – nowadays, most people’s entire digital persona is available online. If your password is brute-forced, hijacked or circumvented in some fashion, a hacker could gain access to all of your social media accounts, your bank accounts or even your cell phone!

How is this possible? Because many of these services are tied to your personal email account. When you click the ‘forgot password’ link on your banking website, your cell provider or your Facebook account, where is the reset link sent to? Your email.

So how do you protect yourself? We’ll show you how!

What is 2FA & why is it so important?

2-factor authentication, also known as 2-step verification, is a means of securing your logins by requiring a secondary authentication method in addition to your password. Examples are:

  • Answering a set of secret questions
  • Using a code sent over text message
  • Using a code from an app installed on your mobile phone

For the purposes of this article, we’ll be recommending the mobile authenticator app method – this method is the most secure. As you will see, these apps are quite simple to use and are free to download on iPhone & Android.

You can use whichever app you prefer, as most of them will work with any service that supports 2FA. To get you started, here’s a list for you to choose from:

Here’s how it works:

  1. The app generates a random code every seconds
  2. When you log into an account such as Facebook or Gmail, enter your password as you normally would
  3. If you’ve configured the account to use 2-step verification, you will be prompted to enter a code from your mobile phone after you punch in your password.

How does it protect me?

Because logging in requires physical access to your smartphone, this simple code is enough to protect you against a cyber attack even if a hacker steals your password.

Use two-factor authentication to secure your account against cyber attacks

OK, so I downloaded an authenticator app on my phone. What now?

This is where things get a little tricky. Each service has its own way of configuring Two-Factor Authentication, and some of them are not exactly ‘well-polished.’

The good news is, many of them have step-by-step documentation. For your convenience, we’ve created a list of how-to links for some of the most common services below:

Sounds great! But what if the service I’m using doesn’t support authenticators?

Unfortunately, some companies are still using old, outdated security methods, e.g. secret questions, or worse, nothing at all. So what can you do in this situation?

The best thing to do is contact these companies & voice your concerns about cyber security.

If enough people get together and let these companies know that our privacy and security are important, eventually they will listen!

Alternatively, you can vote with your wallet and switch to an alternative that does support two-factor. Here’s a great website that provides a very comprehensive list of these services: https://twofactorauth.org/

Additional ways to secure your account

So you’re stuck with a service provider that doesn’t use 2-factor, and you have no other alternatives. What do you do now?

Well, here are a couple of simple solutions we recommend using even if you have 2FA enabled:

Use a strong passphrase

What’s the difference between a passphrase and a password? It’s commonly thought that strong passwords should contain random characters & are nearly impossible to remember.

However, a better method is to choose 3 or 4 random words, and simply type them out with spaces included. This is what’s known as a ‘passphrase’. Not only is a passphrase way easier to remember, it is also secure.

(Credit: Randall Munroe, XKCD)

Use a password manager

Even using passphrases, you might still have trouble remembering logins for so many different accounts. This is where a password manager like Bitwarden comes in handy. This service is free, but they also offer a paid option which gives you some extra features.

How it works:

  • You use a master password which unlocks access to the Bitwarden Vault
  • The vault contains all your passwords
  • The Bitwarden App can auto-fill passwords into web forms & iPhone / Android apps for you, which reduces the chances of being compromised by keyboard logging attacks

Using a password manager helps you keep track of all your passwords in a secure location, without having to write them down.

It’s also important to note that password managers support two-factor authentication, and yes, you should use it.

Using a password manager can help you keep track of all your passwords securely

I need help with all of this!

Allow Leap Cloud Solutions to be the perfect partner for your business.

Book your free discovery call today to learn more.
