Two-factor authentication (2FA for short) has gained traction in recent years. This is thanks to an increased focus on online security, plus a response to some of passwords’ flaws.
What’s two-factor authentication?
For those wondering, two-factor authentication (also sometimes called “two-step authentication”) is a way to increase security. Instead of just a password, there’s two parts involved: “something you know,” and “something you have.” The former is usually an existing password. The latter is some external object you own, such as a smartphone.
When logging into a site, after entering your password, the site will use one of two methods. Depending on how 2FA is set up, the site will either send your phone a text message with a code, or use an app on the phone (tied to the site) that generates a code. After the code is entered into the site, you’ll log in as usual.
Some sites will allow you to check a box that makes the device “recognized,” so you don’t have to keep re-entering a code.
There’s some custom apps, but one popular app used by many 2FA-using sites is Google Authenticator.
Since two items are required to log into a site (versus one), and since a purported hacker isn’t likely to have access to your phone, security’s greatly increased.
Two-factor authentication makes brute force attempts extremely difficult (at best) to achieve. Even if a password’s leaked (in the security breach du jour), it won’t do the hackers much good. (Of course, you’ll still want to change your passwords anyway.)
Needing to give your phone number to some sites might be one flaw, for those that don’t like giving out such information.
There’s also the inconvenience of needing a smartphone on hand to enter a code.
Finally, if something happens to the phone (or it’s not available), you might be locked out of the site. Some sites deal with this by generating a set of emergency codes to keep stored or printed out. The codes are useful in case a smartphone isn’t available.
Despite the above drawbacks, two-factor authentication’s seen as a big improvement in online security.
Sites using two-factor authentication
An increasing number of websites are offering 2FA, including many of the biggest sites online. Many security experts are recommending using two-factor authentication where feasible.
Lifehacker wrote a list of some sites where they particularly recommend turning on 2FA.
There’s also the site Two Factor Auth List, which lists sites that offer 2FA.
Otherwise, here’s my recommended list of major sites that’re worth switching to two-factor authentication:
- Webmail services, including Gmail, Outlook, and Yahoo mail
- Social networks, particularly Facebook and Twitter
- Dropbox and similar cloud-based storage services
- Financial services, such as PayPal or (if offered) your bank
Two-factor authentication will likely increase in popularity in the future, as security concerns grow. While some sites seem slow to adapt 2FA (such as, oddly, banks), pressure will likely make them change to stay competitive.
Do you use two-factor authentication?