What is two-factor authentication and why should you use it?

This page was translated using AI and machine learning.

(Pocket-lint) – Over the past few years, you may have heard a number of companies, app makers and service providers announce that they are launching two-factor verification (2FA), l two-step authentication (2SA) or multi-factor authentication (MFA).

If you’ve ever wondered what it is, or if it’s worth using, we’ll try to answer your questions in this feature.

What is two-factor authentication?

To boil it down to the simplest explanation, it’s basically adding a second layer of protection to your account, app, or service to go along with your usual method of logging in. In most cases, this involves receiving a code via SMS to your mobile number, but more and more apps and services send a confirmation number to your device as a notification. Sometimes you can just tap the notification to approve the connection.

How does two-factor authentication make your account more secure?

The idea is that you add a confirmation step to your login attempt. Using the SMS example, this means that no one can log into the account from a new device – even if they have your password – because the verification would be sent to your phone number.

When someone tries to log into your account when they press “submit” it takes them to a screen asking for a code. This code was sent to the registered mobile number as an SMS.

Some apps will use other devices logged into that account, sending a notification that you can respond to. The approaches to 2FA are many and varied.

Does two-step authentication always require a mobile number?

Not always – there are a range of implementations for 2FA.

For example, WhatsApp cannot use your mobile number as a second verification method because it is the primary method of login. So instead it asks you for a six-digit PIN from time to time, or when you log in from a new smartphone.

Although Apple uses SMS verification for iCloud account security, it also uses its “Trusted Devices” method. Using this method, it sends a code directly to a trusted and verified device, which then appears in a small window on the screen. Google has a similar system where it may ask you to confirm signing in from another device to this account.

Where texting isn’t used, it’s often possible to get a two-factor authentication code from a dedicated app like Google Authenticator. These types of apps simply provide access to a time-sensitive code that changes after a set period of time and is therefore constantly secure, but gives you quick and easy access to your account.

Some services even require you to use a passkey. This means there’s a physical security device to unlock accounts, usually with a USB connection so you can plug it into a device to authenticate yourself – some use fingerprints and others offer NFC. The advantage of a physical key is that it cannot be hacked – the disadvantage is that it can be lost or stolen.

What if I lost my phone?

Most services offer more than just the phone number texting method to connect. Almost all of them will offer you the option to generate backup codes or, like Apple, will give you a recovery key which is a very long string of letters and numbers that you can instead of using your password and SMS code .

In many cases, when you land on the verification page, you are given the option to select another method from the default for that app. This often means you can use something else if it’s easier.

Is it worth it?

Yes. Absoutely. Once configured, it only adds an extra step to login to your account from a new device or browser.

It’s always worth doing, and not doing so can often lead to privacy nightmares. A Washington Post article revealed just how dangerous it can be. There have been several incident reports where owners of smart home cameras had their devices hacked and spied on by criminals simply because they did not use a secure password and enabled two-way authentication. factors.

In case someone gets your password and tries to access your account, you’ll have peace of mind knowing they can’t get in without also having your phone which – even if they have it – is likely locked and protected with a password, pattern, or fingerprint.

To add more privacy, there are settings in Android and iOS to ensure that you can prevent SMS notifications from showing up on a lock screen. Just head to Settings > Notifications and select the apps whose info you want to show on the lock screen, or choose to hide sensitive info (on Android).

How to move Google Authenticator to a new phone

If you’ve set up Google Authenticator on your phone and have multiple accounts signed in to it from different sites and apps, you might be worried about moving to a new device.

If you buy a new phone, whether it’s an Android or an iPhone, it’s now possible to move an entire Google Authenticator account to the new device in one go without having to move each account individually. Which is awesome.

To do this, open the Google Authenticator app on your old device and click the menu button then “transfer accounts” from there, then select “Export accounts”, select all the accounts you wish to export, then click next. This will then generate a QR code (or two) that can be scanned.

Keep it running and then open the app on your brand new phone. Click on the same menu button and “transfer accounts”, then select “Import accounts”, then you will have the option to scan the QR code on the original phone and simply import the full list of accounts in one one easy action. Hassle-free security on your new device. Don’t forget to erase your old phone if you don’t use it anymore, because the accounts will still be there.

How to Enable Two-Factor Verification on iCloud, Gmail, Twitter, etc. ?

For most accounts you have, you will normally find the two-factor verification option in your account security settings. This usually just means finding your settings options, which is normally straightforward. Most services you connect to have an option, but here are some of the more popular services:

How to Enable Apple Two-Step Verification

For your Apple ID or iCloud account, go to appleid.apple.com, then sign in to your account and find two-step verification in the Security section, then choose to turn it on.

You will then go through a very easy to follow setup process. Also, be sure to create a recovery key, then write it down somewhere safe, where you know you’ll never lose it.

How to Enable Google 2-Step Verification

For your Gmail/Google account, sign in to any Google service, or simply go to Google.com and click on your profile picture in the top right corner, then select “My Account”. Click on the “Sign in to Google” option under the Login & Security tab. Look for the 2-step verification option and choose to enable it.

Here you can add your phone number, choose to get a Google prompt on your phone, set up backup codes that you can print out, or download and install the Authenticator app on your Android or iPhone phone.

How to Enable Twitter Login Verification

Log in to Twitter on the desktop and click on the small thumbnail image in the toolbar, then select “Settings and privacy” from the drop-down menu. Check the “Check connection requests” box in the security options, and – if you haven’t already – enter your mobile number so that it can send you SMS codes.

You can also use the Twitter mobile app to generate codes when you log in by opening the sidebar menu, heading to Settings & privacy > Account > Security > Login code generator.

How to Enable Facebook Two-Factor Authentication

In Facebook on the desktop site, click the little globe icon in the toolbar, then go to Settings > Security & Login, then choose “Use two-factor authentication”.

You can add your mobile number for SMS codes, add security keys to connect via USB or NFC, or generate codes in the Facebook mobile app. You can also generate app-specific, one-time use passwords for apps that don’t support Facebook’s two-factor authentication.

Written by Cam Bunton and Adrian Willings. Edited by Chris Hall.