Two-factor authentication is the future; passwords are the past.
Logging onto a website with a username and a password is, by itself, no longer considered best practice because cyber-criminals can defeat simple passwords with increasing ease. Our security partners at Sucuri have detailed how passwords get hacked.
The UK’s National Cyber Security Centre conducted research in 2019, revealing that 89 per cent of people make online purchases, yet only 15 per cent of them know how to protect themselves from harmful activity.
The NCSC also revealed a list of the most commonly used passwords showing that, worldwide, no fewer than 23 million people believe ‘123456’ is a safe password. It isn’t.
So, what do you do if easy-to-remember passwords alone are not enough?
Best practice is to add further security to your online accounts. For example, you could add a second level of security through two-factor authentication (2FA), via an app on your computer and/or smartphone.
2FA: How two-factor authentication works
If a website has 2FA set up, you must first log in with your username and password as usual – that’s the first factor – then an automatically generated code is sent to you, usually by email or SMS – and that’s the second factor.
This process offers better protection against cyber-criminals because hacking your username and password is no longer sufficient for access: they would also need access to your phone or emails.
Using an authentication app makes this process almost frictionless.
Several free authentication apps are available which use the recommended time-based one-time password (TOTP) method, and which are simple to set up and use. Here are three of the most popular apps:
2FA app #1: Authy
Authy can be downloaded to iOS, Android and Chrome mobiles as well as macOS, Windows and Linux computers.
You can easily capture 2FA QR codes from Facebook, Amazon, Google, Microsoft, Dropbox, Grammarly and many more sites and services. Authy will generate tokens which you can access on any device: phone, tablet, desktop and even smartwatch. These tokens are valid for 20 seconds and are then replaced.
This even works offline. You can still generate tokens and access secured websites without internet access on your phone.
Authy also allows you to create encrypted backups in the cloud and synchronise your data across multiple devices.
2FA app #2: LastPass Authenticator
LastPass Authenticator comes from a company already well-known and trusted for its password manager.
Once you pair LastPass Authenticator with the site of your choice, you can employ the unique ‘one-tap login’ for instant access. This means that the browser extension sends a push notification to your smartphone. You confirm the registration with a tap and the app sends the authentication code to the extension in the browser. You don’t have to enter the code manually.
Like Authy, this app also allows synching and backups.
2FA app #3: Google Authenticator
Google Authenticator is a mobile-only tool which generates, on your smartphone, the codes you need to log in in two steps. One advantage of this 2FA app is the long list of websites it supports.
Because it can only be installed on phones, you will need to have your smartphone with you when working on a PC or a tablet.
However, you can set it up to work on multiple accounts and devices.
Heart Internet Security
2FA is just one method you can employ to keep your online accounts and your personal details secure. At the same time, responsible online businesses will do everything they can to help keep their customers’ data safe and sound.
If you are looking for a complete website security solution for your business – one that will monitor and protect your website – look no further than Heart Internet Website Security powered by Sucuri.
Our Deluxe and Ultimate packages come complete with our Web Application Firewall (WAF) which adds an extra layer of security. This safeguards not only your website but your entire network.