In 2014, Heartbleed left everyone's login information potentially exposed, thanks to a single piece of code, and in recent years our security nightmares have only gotten worse.
What is the average internet user to do? Well, you should definitely change your passwords – regularly! Passwords are a pretty laughable method of authentication and can be defeated by scammers quite easily, with anything from pure brute force to simple phishing.
What you really need is a second way to verify yourself. That is why many internet services, a number of which have themselves been breached, offer two-factor authentication. It is sometimes called 2FA, or used interchangeably with the terms "two-step" and "verification" depending on the marketing. Even the White House once had a campaign asking you to #TurnOn2FA. But what exactly is it?
As PCMag's lead security analyst Neil J. Rubenking puts it, "there are three generally recognized factors for authentication: something you know (like a password), something you have (such as a hardware token or cell phone) and something you are (like your fingerprint). Two-factor means that the system uses two of these options."
Biometric scanners for fingerprints, retinas or faces are on the rise thanks to innovations such as Apple's Face ID and Windows Hello. But in most cases, the extra authentication is simply a numeric code: a few digits sent to your phone, which can only be used once.
You can get that code via SMS or a specialized smartphone app called an "authenticator". Once linked to your accounts, the app shows a constantly rotating set of codes you can use when needed – and it doesn't even need an internet connection. The arguable leader in this field is Google Authenticator (free on Android and iOS). Twilio Authy, Duo Mobile, SAASPASS and LastPass Authenticator, among others, do the same on mobile and some desktop platforms, and most popular password managers offer 2FA by default.
The codes provided by authenticator apps sync across your accounts, so you can scan a QR code on a phone and get your six-digit access code in your browser, if supported.
Here's a video that Google made about two-step verification basics, giving a good idea of what is involved.
Be aware that setting up 2FA can actually break access in some other services. For example, if you have 2FA configured with Microsoft, all is well until you try to sign in to Xbox Live. That interface has no way of accepting the second code. In such cases, you must rely on an app password – a password you generate on the main site to use with a particular app (such as Xbox Live). You will see this come up with Facebook, Twitter, Microsoft, Yahoo, Evernote and Tumblr. All of these are either used as third-party logins or have features you can access from other services. The need for app passwords is, thankfully, decreasing over time.
Remember this as you panic about how difficult this sounds: being safe is not easy. The bad guys count on you being lax about protecting yourself. Implementing 2FA means that it takes a little longer to log in each time on a new device, but it is worth it in the long run to avoid serious theft, be it of your identity, data or money.
The following is not an exhaustive list of services with 2FA capabilities, but we cover the major services that everyone usually uses, and walk through the setup for each. Activate 2FA on all of these and you will be safer than ever.