Two Factor Authentication: What You Should Know
Security is always a big concern with personal data, and with the amount of data we're keeping on our smartphones this concern is growing. Of course, you don't want someone logging into your Facebook and posting embarrassing messages, or reading your personal emails. But there's more to it than that. Many of us have mobile banking, or accounts such as Amazon that contain our credit card information and can allow people to spend our cash. And there's even the threat of identity fraud. Whilst many of us won't be at huge risk, it's always better to be safe than sorry. Fortunately, many major banking services, apps, and even email software are introducing two factor authentication in an effort to keep your data even safer. So what is it, do you need it, and how do you use it? That's what we're here to find out.
What is One Factor Authentication?
Before we get to two factor authentication, let's talk about one factor authentication first, since two factor will simply build on this. We're going to assume that you have a lock on your front door and a key that goes along with it. In order to unlock your door, you need a key. This is one factor authentication. To get inside your front door a key is necessary. But it doesn't matter who holds that key. You can turn the key, and so can your neighbour, a thief, or anyone at all. Apps and programmes with passwords are the same as your front door and key. It's one factor authentication: as long as you hold the key (or password in this case) you can get in, no matter who you are. This is safe enough, as long as you keep your key on you and don't lose it, have it stolen, lend it to someone else, or drop it, or… well, you get the picture. But two factor authentication adds an extra layer of protection to this process.
Factors of Authentication
There are technically three commonly accepted factors of authentication, things that will allow you through that locked door or into that account, or to send that email. The first of these is something that you have, in the example above that's your front door key. It may also be a credit or debit card, or a chip that you can scan to get through your office door. In essence it's something physical that you can hold.
The second factor is something that you know. This could be an email password, the PIN for your cash machine card, or your personal signature. Finally, there's something that you are, which could be your fingerprint, a scan of your eye, or even your DNA. Whatever it is, it's something unchangeable and, most importantly, something that cannot be transferred, given, or lent to someone else. Or stolen, of course…
Two Factor Authentication
All of this has been leading up to two factor authentication, which can be any two of the three options listed above. You might not realise it, but you probably already use two factor authentication in your life. Getting money from a cash machine is a good example, since you must have the card AND know the PIN; having one or the other doesn't do you any good. Two factor authentication is, rather obviously, just safer than one factor.
When using your phone there are two common ways of ensuring two factor authentication. One, which is often used by banking services and can also be used with your Google account, involves getting an SMS. Let's take your bank as an example. You log into your online banking account using your password (factor one), and make a transaction. Your bank then sends an SMS with a code to your phone (factor two), and you must enter that code before the transaction can be completed. The process is generally quick and easy, and these days many banking services require it.
The second commonly used method is growing in popularity, particularly with more and more mobiles getting fingerprint scanners. You log into an app using your password (factor one), and then in order to buy something you must confirm your identity by scanning your fingerprint (factor two). This is becoming the standard for online payment services, particularly with Apple Pay, for example.
Do I Need It?
In some cases you're just not going to have a choice. Especially where money is involved (online payment services, online banking), two factor authentication is pretty standard, and is no longer “opt in.” However, there are some instances where you do have a choice: it's up to you whether you set up two factor authentication for your Google account or Facebook account (both of which are options).
We're the first to tell you that more security is a good thing, nearly always. But you do need to weigh up the time-benefit equation. Two factor authentication is going to take you a little more time, since you won't just enter a password, but you'll need to wait for that SMS to arrive or for your fingerprint to scan. Sure, it's not a lot of time, but if you're just quickly trying to check your email it might be more time than you're willing to spend. Plus, if you frequently check your email, that extra time is going to add up.
On the other hand, if you have a lot of sensitive info in certain apps, this extra time may be worth it. Maybe your personal email doesn't need two factor authentication, but it might be a good idea for your work email, for example. This all kind of depends on you, and how safe you need things to be.
One area that we haven't yet spoken about is online storage services. LastPass (a password manager and storage service), Google Drive (through your Google Account), and SpiderOak (a simple cloud storage solution) all offer the possibility of two factor authentication. In these cases, it's probably worth getting, simply because there's a solid chance there's some personal stuff in there that shouldn't get into the wrong hands, and because they're services you're not likely to access frequently (say, more than once a day).
In the future we're likely to see two factor authentication become the mobile standard, just as it has become for using cash machines and online banking. For now, you still have a choice, but depending on your security needs it might be something worth looking into for you.
How To Back Up Two Factor Authentication
Securing personal information is key to most of us. If you’re like most people, you keep plenty of info on your phone, including emails, banking information and all kinds of other things. Nowadays, a simple password really isn’t enough for protection, which is why many people choose two-factor authentication to protect their data. But if you’re not backing up that authentication, then you might find that you can’t access your data when you need it. Confused? Don’t be, we’ve got all you need to know right here.
What’s Two Factor Authentication?
Two-factor authentication is a pretty simple concept. In order to access your data, you’ll need two ways of proving that you’re you. This could be a fingerprint and a password, or it might be a password and then a code sent to you via SMS. There are all kinds of combinations, depending on which app, programme or system you’re using. Many bank websites use two-factor authentication, Google allows you to add two-factor authentication to your Gmail account, and various other websites let you use two-factor authentication (many online shopping sites that have your credit card info, for example).
The problem is that if somehow one step of this two-step process is missing (perhaps you lose your phone and can’t get that SMS code, for example), then you can find yourself locked out of your data entirely. Fortunately, there are ways to back up the info that you need to ensure that you never get locked out.
How Do I Know Which Method is Right for Me?
Unfortunately, there’s no one-size-fits-all solution here (though there is a workaround that we’ll get to later). Which method you need to use to ensure a backup depends on which kind of authentication service you’re using, which in turn depends on the app or programme you’re using. You’ll need to access authentication settings to find out which methods are going to work for you, though in some cases it’ll be clear given the options that you have to authenticate.
However, none of these tips takes particularly long, so you can try all of them to find out what works! There are several things that you should look at.
Phone Number Confirmation
A lot of authentication services (including Google’s and Microsoft’s) allow you to set a phone number. If something happens (you lose a password or break your phone), then an SMS or voice call to your linked phone number will let you override the two-factor authentication. Say, for example, you lose your mobile and then try to log into your Gmail with Google’s two-factor authentication. You won’t receive the necessary SMS to log in, but hitting the button that says there’s a problem means that you’ll get a phone call on your landline to tell you how to proceed. Simple, right?
This isn’t so simple if you haven’t linked your phone number, however. You’ll need to go into the authentication settings in your programme and make sure that your number is linked (and if you can add a landline as well as your mobile, do so). If you ever change phone numbers, make sure you link your new number as well!
Backup Codes
Some services also provide you with backup codes that you can enter in case you can’t log into your accounts. Google provides these, as do a few other sites. You should absolutely print out these backup codes and put them in a safe place in case you need them (but safe enough that no one else can use them to access your account!). If you don’t have your codes and can’t find them, simply message customer service for whatever service you’re using and get new ones. Be aware that Google’s backup codes are for one-time use only, so if you use one you’ll then need to get a new one!
As with phone number confirmation, you might also want to check the rest of your personal information stored on the site. Check your linked email address to ensure that it’s current, as well as your name and address if these appear. You never know when you might need the company in question to be able to contact you with backup codes or new passwords, so it’s best to ensure that they have up-to-date contact info if necessary.
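For readers curious about what "one-time use" means on the service's side, here is a sketch of how a site might issue backup codes and retire each one once it has been used. It is an added example, not code from Google or any service named here; the `BackupCodes` class, the code format and the hashing parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: skips look-alike characters (0/o, 1/l/i) for printed codes.
ALPHABET = "23456789abcdefghjkmnpqrstuvwxyz"

def _digest(salt: bytes, code: str) -> bytes:
    # Normalise so "ABCD-EFGH" typed from a printout still matches.
    normalised = code.replace("-", "").replace(" ", "").lower()
    return hashlib.pbkdf2_hmac("sha256", normalised.encode(), salt, 100_000)

class BackupCodes:
    """One account's backup codes as a service might store them (hypothetical)."""

    def __init__(self):
        self._salt = secrets.token_bytes(16)
        self._unused = []  # digests only; the plaintext codes are never stored

    def issue(self, count=10, length=8):
        """Replace any old codes with a fresh set; return them once for printing."""
        self._salt = secrets.token_bytes(16)
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(length))
                 for _ in range(count)]
        self._unused = [_digest(self._salt, c) for c in codes]
        return [f"{c[:4]}-{c[4:]}" for c in codes]

    def redeem(self, attempt: str) -> bool:
        """Accept a code at most once: a match is deleted before returning True."""
        candidate = _digest(self._salt, attempt)
        match = None
        for stored in self._unused:
            # Constant-time comparison; check every entry, no early exit.
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            return False
        self._unused.remove(match)
        return True

    def remaining(self) -> int:
        return len(self._unused)
```

Because the service keeps only hashes, it cannot show you old codes again; asking for new ones replaces the whole set, which is why a printout from before a reissue stops working.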
Possible Workaround
All of this might seem like a lot of work, but it should only take a few minutes of your time, and any of these methods could ensure that you don’t get locked out of your accounts. However, there is one fairly easy workaround that you might want to think about.
Authy is an app that implements two-factor authentication. You can use it anywhere where you would normally use Google’s two-factor service (which is most websites). Download the app and follow the instructions that you’re given and you’ll have secure, two-factor authentication whenever you have access to the app. How does this help you?
Firstly, Authy allows you to back up your data and easily transfer it to another device (which makes switching phones easier). Secondly, Authy allows you to share data between devices. So if you put Authy on your phone and your tablet and/or computer, you should have access to your data even if, for example, you lose your mobile (since the same authentication data will be on your tablet/computer).
Two-factor authentication is a great way to secure your data. However, if you haven’t properly backed up codes, entered a phone or email or other contact info, or enabled an app like Authy, you do run the risk of getting locked out of your data. A little preparation today could prevent a lot of problems tomorrow!