By Adriana Linares
Most of us enjoy our social media accounts as a way to keep an eye on family, friends, hobbies, and passions. For many of us, they are also an important business asset.
Two-factor authentication (2FA) is a powerful and easy, albeit mildly annoying, way to protect our online accounts (including bank, credit card and email accounts). Two factor authentication adds a small but, yes, extra step to logging in to an online account when you’ve either never or recently logged in from that device. While there are several options for setting up 2FA (text message, email, phone call, authentication app) we will discuss text messages and authentication apps in this post.
Text Messages for 2FA
After entering your user ID and password (something you know), you will be prompted to enter a one-time code delivered to your mobile phone (something you physically have).
For my Twitter account, I receive a text message to help confirm it’s me attempting to log in.
“Something you know” and “something you have” is term of art used when talking about two step authentication.
Mere moments after seeing that message, my trusty phone (which we all know is very near) will announce the arrival of a text message that will look something like this:
Authentication App for 2FA
For FaceBook, I will chose to use an “authentication app”. Google offers a popular app called Google Authenticator that can be used for Google and non-Google services. Search for the app in the Apple App Store or on Google Play if you’re an Android user.
To setup of 2FA on Facebook, go to Settings > Security and Login > Two Factor Authentication. Facebook will walk you through the steps.
You may already have an authentication app on your phone from another service, if not, get one!
Once I downloaded the app, I used the camera on my phone to scan the QR code from Facebook which will set it up in my auth app.
While adding 2FA to your accounts, take the time and use the opportunity to review other security settings in each service. Many of us take the easy way out, sacrificing security for convenience, by not enabling security options presented to us. Take the time to review all of the security options offered to you, one of the options you will often see is for “backup codes.”
No Phone? No Problem. You have backup codes.
What are you to do if you DO have your phone but it’s not online? Many airlines offer in-flight wifi, but chances are you will purchase the service for your computer, not your cell phone – it will likely be in airplane mode. How will you log in to check your bank account when you can’t receive a 2FA code via text or the app on your iPhone? Well, they thought of that. Upon configuring 2FA, you will likely see an option to store one-time “backup codes”. I always save them to a specific folder on my computer (which is whole-disk encrypted) and cross each off as I use them.
2FA for Other Accounts
Most of today’s online services offer 2FA as an extra layer of security. Financial institutions have long offered to call or email you before letting you in. Please take the time to set these up.
This article was originally published on the SDCBA Law + Tech page.
Adriana Linares (mto@sdcba.org) is SDCBA’s Member Technology Officer.