Multi-factor authentication is for everyone
This is the second part of the 2-part series on access control and account security. If you haven't already, read Part 1: The beginner's guide to using a password manager.
What is MFA?
Multi-Factor Authentication (MFA) is an additional layer of access control beyond user ID and password credentials for your online accounts. MFA-enabled accounts require a unique authentication key in addition to your user ID and password to verify your identity.
Common implementations of MFA use 2 factors (a password and an additional key) for granting access to accounts. Hence this configuration is known as 2 Factor Authentication (2FA), which is a subset of MFA.
How is 2FA implemented?
Examples of additional authentication factors include:
- A dynamic one-time-password with a limited validity period
- A static secondary password
- Biometric authentication such as an iris or retina scan, fingerprint scan, or even voice recognition
- A physical authentication device such as an electronic key or USB drive
How can you adopt 2FA?
The easiest way for people to use a secure 2FA setup is with a dynamic time-based one-time-password (TOTP) generator.
Step 01: Enable 2FA for your online account
To set up 2FA for any account, you first need to enable it, usually from a security settings menu. You will then receive:
- a TOTP generation token (a random code, usually available as a QR code); and
- a few one-time-use back-up recovery codes, in case your TOTP generator fails or your token is lost
Step 02: Safely store the TOTP generation token and back-up codes
You may store the TOTP token in the 2FA generator app. If you are looking for an app recommendation, Authy is quite popular and reliable. This token is the basis from which your TOTPs are generated. It is also the only way to generate a valid TOTP.
In case you lose the token or your TOTP generator fails, your only recourse is to use one of the few one-time-use back-up codes which you received in step 01. If you do so, you should proceed to reset your 2FA token and back-up codes for future use.
Step 03: Log in to your account using 2FA
- Navigate to the login page
- Enter user ID and password
- Enter the 2FA key or TOTP generated by your TOTP generator and gain account access
Remember that the TOTP has only a limited validity period, after which it lapses and a new one is generated, usually every 30 seconds.
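How the token from step 01 becomes the short-lived codes you type in step 03, as an added example (not code from this article or from any authenticator app). It follows the standard TOTP algorithm (RFC 6238 with HMAC-SHA1 and 6 digits); `SAMPLE_TOKEN` is the published RFC test secret, and the `verify` helper with its one-window drift allowance is an assumption about how a service might check a code.

```python
import base64, hashlib, hmac, struct, time

STEP = 30      # seconds each code stays valid (the usual 30-second interval)
DIGITS = 6

# Constructed sample token: the published RFC 6238 test secret, base32-encoded
# the way a QR code would carry it. Never use it for a real account.
SAMPLE_TOKEN = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(token_b32, at=None):
    """Return the code for the 30-second window containing time `at`."""
    key = base64.b32decode(token_b32.upper())
    counter = int(time.time() if at is None else at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(token_b32, submitted, at=None, drift=1):
    """Service-side check (hypothetical helper): accept the current window
    plus or minus `drift` windows to tolerate small clock differences."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(token_b32, now + i * STEP), submitted)
        for i in range(-drift, drift + 1)
    )

if __name__ == "__main__":
    code = totp(SAMPLE_TOKEN)
    print("current code:", code)
    print("accepted now:", verify(SAMPLE_TOKEN, code))
    # The same code is rejected once its validity period has lapsed.
    print("accepted in 2 minutes:", verify(SAMPLE_TOKEN, code, at=time.time() + 120))
```

Both sides compute the code from the same token and the current time, which is why anyone holding the token can generate valid codes and why a code is useless once its window has passed.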
Conclusion
Your accounts are not completely safe even if you use a complex password and a password manager. You can significantly improve your account security by adding an additional layer of access control in the form of 2 Factor Authentication (2FA). Setting it up requires minimal effort and a 2FA key generator application.
If you use 2FA, in the event your password is disclosed to or discovered by someone else, your account will not allow them to gain access unless they also provide the dynamic 2FA key, which significantly reduces the odds of unauthorised access.