Everything you need to know about two-factor authentication

Everything you need to know about two-factor authentication

A few weeks ago, we wrote 2 tips on creating better, more secure passwords that are easier to remember. You’ve gone to your accounts, upgraded your passwords, but still wish there was something else you could do. We don’t blame you – with more and more of our most personal information moving online, it seems a simple password is hardly enough. That’s why we’re here to talk about the next level of Internet security: Two-Factor Authentication.

Two-factor what?

Two-Factor Authentication (2FA) is an additional layer of security that makes your accounts significantly more difficult to compromise. Simply put, 2FA requires 2 sets of verification: both “something you know” (like a password) and “something you have” (like your phone, or an email account). As an example, think of a spy movie where someone enters a pin code at the door (something they know), and then goes in for a retinal scan (something they have).

An example

We’ll demonstrate the 2FA process with a Google Login.

1. You start by entering your email address and password like normal. (something you know)

 

2. But once your password is entered, instead of being logged into your account, you will be asked for a second, unique, one-time use pin.

3. Within seconds, you will receive a text message on your phone with that unique pin (something you have). Enter it and you will now have access to your account.

As you can see, Two-Factor Authentication improves your security significantly since even in the event someone compromises the password to your account, it would be very rare that they would have access to your phone at the same time.

We should note as well that 2FA isn’t restricted to just sending SMS messages. Depending on which service you are logging into, the service provider could offer SMS, Phone Call, Email, Hardware or Software token as options to authenticate for login.

Where can I use it?

Most service providers recognize the need to improved access security, so many have been working on 2FA implementation in the last few years. You can use this website: https://twofactorauth.org/ to check what services you use that currently offers 2FA.

The most popular productivity and retail services including Google (YouTube, Mail, Google Drive), Twitter, Facebook, Dropbox, Evernote, Amazon, PayPal & eBay already offer Two-Factor Authentication and if you’re a Start customer, you can expect two-factor authentication coming to you soon on our new, more robust customer portal as well. Not everyone is there yet, notably missing are major Canadian banks as well as the Canadian Revenue Agency.

For every service you use that supports Two-Factor Authentication, head over right now and enable it. It’s one of the best ways to keep your data safe on top of your unique, secure password.