InfoSec 101: How To Set Up Two-Factor Authentication

Andrew Orr Informative Internet Guides

Welcome to InfoSec 101, a series of articles aimed at helping you enhance your online privacy, boost your security and more. In this article, we’ll show you how to set up two-factor authentication for your online accounts.

What is Two-Factor Authentication?

Two-factor authentication (2FA), also known as two-step verification, is a method of keeping your online accounts safe from hackers. As an example, if you have 2FA set up with Facebook, you need to enter a unique code before you can log in. For some websites like Facebook, this code is generated by an authenticator app.

Other websites give you the option to have the one-time code texted to you, but as Wired points out, this method is less safe than an authenticator app, with security researcher Jonathan Zdziarski saying:

“SMS is just not the best way to do this…it’s depending on your mobile phone as a means of authentication [in a way] that can be socially engineered out of your control.”

2FA is recommended by most, if not all, security experts, and even the White House ran a campaign to #TurnOn2FA. Using 2FA on your accounts adds an extra step that makes logging in take slightly longer, but it’s worth it. Hackers rely on people who are too impatient, or who lack the knowledge, to set up extra security measures.

Apps To Use

Setting up 2FA for your accounts is a relatively easy process. For most websites, you’ll have to dig around in your account settings or profile to turn it on. Try to use an authenticator app whenever possible, although unfortunately some websites like Twitter only use SMS codes. Another benefit of using an authenticator app is that it generates codes even without an internet connection.

Google Authenticator

Google has its own tool for 2FA called Google Authenticator. It’s available for iOS and Android and is easy to set up and start using.

Authy

Authy is a great app and is available on virtually all platforms. Unlike Google Authenticator, Authy has a dedicated team behind its app that continues to provide steady updates. Authy provides encrypted cloud backups for your account codes in case you lose your device or can’t access it.

1Password

If you’ve read our previous article about passwords and password managers, you should be familiar with 1Password. In addition to creating and storing secure passwords for your digital life, the app can also generate one-time passwords to use with 2FA. In my opinion, the benefit of using 1Password over Authy and Google Authenticator is that 1Password has desktop apps in addition to mobile apps. Authy does have a browser extension, but in my experience, it was finicky to use and not an easy experience.

How To Use

Now that you’ve downloaded an authenticator app, it’s time to set it up. It’s tedious but well worth it in the end. You’ll have to go into as many of your online accounts as possible to see which ones support 2FA. For ones that do, select the option to activate it. A window will pop up showing a QR code. Scan the code using your authenticator app, or manually enter the code into the window. It will tell you whether it was successful or not, and if it was successful, you’re done.