Single factor authentication, which most of us know as logging in with a prearranged, typed-in password, has been used for decades as the primary way of locking our personal data away from access without permission. Unfortunately, this type of data security is no longer secure enough to be reliable (if it ever was). Fortunately, a new type of login protection has become widely available for all sorts of commercial and private uses, and for the most part it’s completely free to use.
We’re talking about two factor authentication, also known as TFA for short. In basic terms, TFA creates a whole new and much stronger layer of security over your original login mechanism by requiring you to use a secondary identity verification mechanism after you’ve logged into an account with your password.
This secondary factor could range in nature from a physical security token, to a chip-encoded card, to biometric readings of your body’s physical characteristics. Most commonly, however, it comes as a one-time security code that’s sent to your mobile device as a text message. This is what we’re going to discuss here in greater detail; we’re going to explain the importance of using TFA through your mobile phone and how you can do it the right way.
Why Mobile Two Factor Authentication Matters
Why does TFA matter? Because of things like this. Now, that’s just an example that shows just how badly compromised information security can be on the web and how rampant the work of data thieves is, but it illustrates a very crucial point about your personal information, namely that it will very likely at some point become the target of hackers or fraudsters.
This means you cannot take your important online account security for granted by simply using a password. Using keystroke loggers, spyware and Wi-Fi snooping software (to name just a few data theft tools), thieves can and regularly do troll the web for any easy target they can get their hands on.
If your computer happens to be the victim of this trolling, your email, cloud storage, online banking and other passwords could all become quickly compromised and used to take control of your digital assets, funds, and most important personal contact information.
By setting up two factor authentication on your email, cloud storage, web hosting, online banking and online payments accounts, as well as anywhere else it’s available, you can avoid the danger of password surveillance simply because your password won’t be enough for thieves even if they do steal it.
This is the real marvel of the typical mobile phone based TFA system: since your login procedure also requires a unique one-time access code that gets sent to your phone each time you log in to an online account, nobody can snoop their way into your data unless they actually steal your mobile device from you.
Where You Should Use Mobile Multi-Factor Authentication
You literally have no excuse to avoid setting up TFA for your online accounts. It’s available nearly everywhere, it’s easy to set up and it’s free for all the email, social and storage services most of us use!
At a basic level, you should really activate the two factor protection options that your Twitter, Facebook, Google and Microsoft mail services are offering you. Furthermore, you should also activate TFA for access to any online property that you own. This means protecting your web hosting/domain registration server access with a second layer of authentication and thus keeping your websites and URLs safe from hijacking by thieves.
If your web hosting service doesn’t offer TFA, either implement it yourself if possible or change to a hosting company that takes digital security more seriously. GoDaddy and DreamHost both offer Two Factor Authentication as a free client service. If you’re using a CMS such as WordPress to manage your websites, adding TFA to your dashboard login is also a good idea.
Additionally, you should check if your online banking and other financial account providers offer two factor options to their clients. If they do, apply them!
All of these two factor options are easy to set up and none of them require you to have more than a few minutes of spare time and a mobile phone of your own.
Finally, if you’re a business owner who needs a more robust multi factor system to protect your company’s internal data networks, you might want to take a look at business level security services such as those provided by companies like Authentify and Duo Security.
Some Basic Security Tips
Even if you’re using two factor authentication on all of your online and offline accounts, it’s still possible to suffer a compromise unless you keep these crucial security tips in mind at all times:
- Never leave your online sessions logged in and your computer open. No data protection system is going to work if you leave the door open for anyone who’s passing by.
- Do not lose your mobile phone or lend it to people you don’t know. It is your primary TFA security key, and it needs to be kept safe.
- Many TFA options let you pick “trusted” machines on which a second factor request won’t be made if you log in from them: don’t set up any trusted machines. If you do and a thief with knowledge of your password can get to them, they’ll have access to your information.
Stephan Jukic is a freelance writer who covers online data protection, anti-intrusion protocols and digital security. When he gets a chance, he also indulges in writing about SEO, mobile technology, marketing techniques and non-localized digital business strategies. When not busy writing or consulting on digital security to groups and individuals, he spends his days enjoying life’s adventures either in Canada or Mexico, where he spends part of the year. Stephan’s writing has been featured on Sitepoint, Duct Tape Marketing, Infosec Institute, The Marketing Robot, Security Hunk and Search Engine Journal. Connect with Stephan on LinkedIn and Google+.