We have become accustomed to keeping track of countless usernames and passwords to access our accounts. Two-factor authentication (2FA) adds an additional layer of protection on top of these traditional security measures. In conjunction with your username and password, additional approval or codes must be entered.
Sometimes, 2FA is also referred to as two-step authentication.
What is 2FA?
Two-factor authentication basically means that an additional step of verification is needed when somebody signs into your account.
Traditionally, you’d type in your user name and password and you are in. With 2FA you still do that and then receive a code on your mobile device to complete the sign-in process.
The advantage here is that somebody who can’t access your 2FA step but has your password still can’t get into your account.
We can assist with setting up 2FA on your accounts. Give us a call at 844-880-7874 or drop us a note here.
Why It’s Important
Few of us are jumping at the chance to make our daily sign-in process more convoluted or difficult. Password reset hoops after misremembering sign-in information are a pain. So why would we complicate this process further?
Simply put, there’s a high probability some of your personal information is on the dark web. Companies as large as Adobe, eBay, LinkedIn, and Yahoo have had millions of their customers’ sign-in information leaked.
We keep a weekly running total here of some of the breaches that happen.
Even Equifax, one of the largest credit bureaus in the world, was hacked. That meant the information of 146.9 million consumers was up for grabs for interested hackers. When this amount of data is available to criminals, a simple password (which you might use in multiple places) isn’t enough.
How To Implement 2FA
First, it’s important to take inventory of what you sign into regularly. Make a list and write down what software or websites are required for your daily routine. Now imagine the worst-case scenario unfolding. Imagine someone has access to all of your login information and corresponding passwords. What account would you lock down first to mitigate damage?
The website twofactorauth.org has a list of apps that support 2FA, organized by industry. For tax professionals, the finance section of the website might be most pertinent. If your current software does not support 2FA but its competitor does, it might be worth switching.
Methods of 2FA
SMS
This is one of the simplest forms of 2FA. An SMS text with a temporary code will be sent to the phone number that is on file with the website or application. There is generally a 1 to 10-minute window to enter that code before it becomes invalid.
Email
Similar to the SMS method, a code will be sent to a trusted email address that is registered with the account.
Authenticator App
Google Authenticator and FreeOTP are examples of 2FA apps that are supported by many websites and software providers. After entering your user name and password, you will then be asked for a temporary code created by the app. This code changes every minute or so and syncs the trusted device with the required sign-in information.
Push Notification
This method will send a notification to a trusted device indicating that a login attempt is happening. The user is then unable to proceed further without having the sign-in attempt approved by the trusted device.
Physical Key
A product such as YubiKey is a good example of a physical key used for 2FA. For many sites like Facebook, there is a step-by-step tutorial. Once this is set up, the key will need to be inserted into the computer before being able to sign in.
Keep in mind that when signing up for 2FA you will be given backup codes for the account. These seemingly random strings of characters can be used to reset the account. It’s crucial that you print these codes out (don’t save them on the computer) and put them somewhere secure. These codes are an added fail-safe in case you lose the trusted device or physical key required for 2FA. Getting back into these accounts without either these codes or the devices can prove difficult.
More security tips
Step 1 – Secure Your Computer
Setting up a biometric sign-in feature with Windows Hello is a great option. PINs and passwords can be obtained one way or another. However, the Windows Hello login feature using facial recognition is very difficult to fake.
Please don’t use birthdays for your PINs.
Step 2 – Secure Your Email
The email used for signing into software or a secure website needs to be protected first. A third party can send a password reset request for the software or website to this email. If they have your email password, they will be able to fake correspondence with the software provider to gain entry, as well as find more personal information in your emails. Gmail, for example, supports a push-based 2FA process which is both easy and secure.
Step 3 – Secure Crucial Software
Any software which contains financial or customer information needs to be protected. Google Authenticator is widely supported and easy to use. But keep in mind some type of 2FA is better than nothing. If a software provider only supports SMS-based 2FA, that’s fine as well. The most important thing is that some type of 2FA is in place on your most crucial sign-in information.
Step 4 – Social Media
Implementing 2FA on your social media accounts can also help. There is plenty of information that can be gleaned from these accounts and might aid in exploiting your security elsewhere. Locking down all possible unwanted sign-in attempts should be your goal.