Two Factor Authentication: What You Should Know

by Sandra Henshaw - , Last Updated on September 4, 2016, How To Guides

Security is always a big concern with personal data, and with the amount of data we’re keeping on our smart phones this concern is growing. Of course, you don’t want someone logging into your Facebook and posting embarrassing messages, or reading your personal emails. But there’s more to it than that. Many of us have mobile banking, or accounts such as Amazon that contain our credit card information and can allow people to spend our cash. And there’s even the threat of identity fraud. Whilst many of us won’t be at huge risk, it’s always better to be safe than sorry. Fortunately, many major banking services, apps, and even email softwares are introducing two factor authentication in an effort to keep your data even safer. So what is this, do you need it, how do you use it? That’s what we’re here to find out.

What is One Factor Authentication?

Before we get to two factor authentication, let’s talk about one factor authentication first, since two factor will simply build on this. We’re going to assume that you have a lock on your front door and a key that goes along with it. In order to unlock your door, you need a key. This is one factor authentication. To get inside your front door a key is necessary. But it doesn’t matter who holds that key. You can turn the key, your neighbour, a thief, anyone at all. Apps and programmes with passwords are the same as your front door and key. It’s one factor authentication, as long as you hold the key (or password in this case) you can get in, no matter who you are. This is safe enough, as long as you keep your key on you, don’t lose it, have it stolen, or lend it to someone else, or drop it, or… well, you get the picture. But two factor authentication adds an extra layer of protection to this process.

Factors of Authentication

There are technically three commonly accepted factors of authentication, things that will allow you through that locked door or into that account, or to send that email. The first of these is something that you have, in the example above that’s your front door key. It may also be a credit or debit card, or a chip that you can scan to get through your office door. In essence it’s something physical that you can hold.

The second factor is something that you know. This could be an email password, the PIN for your cash machine card, or your personal signature. Finally, there’s something that you are, which could be your fingerprint, or a scan of your eye, even your DNA, but is something unchangeable, and most importantly, is something that cannot be transferred, given, or lent to someone else. Or stolen, of course…

Two Factor Authentication

All of this has been leading up to two factor authentication, which can be any two of the above listed three options. You might not realise it, but you already probably use two factor authentication in your life. Getting money from a cash machine is a good example, since you must have the card AND know the PIN, having one or the other doesn’t do you any good. Two factor authentication is, rather obviously, just safer than one factor.

When using your phone there are two common ways of ensuring two factor authentication. One, which is often used by banking services and can also be used with your Google account, involves getting an SMS. Let’s take your bank as an example. You log into your online banking account using your password (factor one), and make a transaction. Your bank then sends an SMS to your phone (factor two) which you must enter before that transaction can be completed. The process is generally quick and easy, and for many banking services these days is required.

The second commonly used method is growing in popularity, particularly with more and more mobiles getting fingerprint scanners. You log into an app using your password (factor one), and then in order to buy something you must confirm your identity by scanning your fingerprint (factor two). This is becoming the standard for online payment services, particularly with Apple Pay, for example.

Do I Need It?

In some cases you’re just not going to have a choice. Especially where money is involved (online payment services, online banking), two factor authentication is pretty standard, and is no longer “opt in.” However, there are some instances where you do have a choice, it’s up to you whether you set up two factor authentication for your Google account or Facebook account (both of which are options).

We’re the first to tell you that more security is a good thing, nearly always. But you do need to weigh up the time benefit equation. Two factor authentication is going to take you a little more time, since you won’t just enter a password, but you’ll need to wait for that SMS to arrive or for your fingerprint to scan. Sure, it’s not a lot of time, but if you’re just quickly trying to check your email it might be more time than you’re willing to spend. Plus, if you frequently check your email, that extra time is going to add up.

On the other hand, if you have a lot of sensitive info in certain apps, this extra time may be worth it. Maybe your personal email doesn’t need two factor authentication, but it might be a good idea for your work email, for example. This all kind of depends on you, and how safe you need things to be.

One area that we haven’t yet spoken about is online storage services. LastPass, a password manager and storage service, Google Drive (through your Google Account), and SpiderOak (a simple cloud storage solution) all offer the possibility of two factor authentication. In these cases, it’s probably worth getting, simply because there’s a solid chance there’s some personal stuff in there that shouldn’t get into the wrong hands, and because they’re services you’re not likely to access frequently (say, more than once a day).

In the future we’re likely to see two factor authentication become the mobile standard, just as it has become for using cash machines and online banking. For now, you still have a choice, but depending on your security needs it might be something worth looking into for you.