Microsoft released a report that stated, from their research, 99.9% of all account compromises could be prevented by using multi-factor authentication. The report detailed that about 1.2 million accounts worldwide are compromised on Microsoft servers (Office365, Hotmail, etc.). But of these, almost none were using any form of multi-factor authentication. This shows that simply using multi-factor, or two-factor authentication, is very effective at stopping account breaches. If you would like to find out just what two-factor authentication is and how you use it to protect your own accounts from attack, read on. The techspeak will be kept to a minimum and by the end, you will be a pro at protecting your own accounts.
What is an account breach?
Hackers target online accounts for a variety of reasons. Some are financial while some might be just for the thrill of it. Here are some common targets and reasons:
- Your bank – to steal the money in your accounts
- Amazon, Walmart, other online shopping: to make fraudulent purchases
- Your email account (Gmail, Hotmail, Office365) – if a hacker controls your email account, they can use it to access just about everything else. They can perform password reset requests on your accounts and have that request go to your email. Then they can change the password and gain access to many other accounts
- Facebook, Instagram – attackers can use your account to advertise their own products, post embarrassing things from about you, send out spam
- Your blog – hackers can deface your blog to attack your reputation, add their own posts, use your blog to spam others
Most of what we do online now involves some sort of an account. A lot of personal information is held in these accounts. That makes them a prime target for hackers. To make matters worse, users tend to use weak passwords on their accounts. Also, passwords tend to be reused for other accounts over and over again.
What is two-factor authentication?
A factor is a way of proving you should have access to an account. A password is an example of this. It’s your password for your account, so you are given access to it. Fingerprints, or other forms of biometrics, are another factor. Sometimes websites will send a text message to your phone with a code that you must enter into the site to gain access. Since it’s your own phone, this shows the account belongs to you. In more basic terms, a key to your car is a way of proving that the car is yours.
Two-factor authentication combines more than one of these together to ensure that a failure of one doesn’t give access to your account to an attacker. Passwords are easily guessed, stolen, or changed. They don’t give any real security since humans have trouble remembering really strong passwords. Adding a second factor to your accounts makes this easier. Even if the attacker has your password, they wouldn’t be able to get into your account.
The most common ways that two-factor authentication is used are text messages and authentication apps. While receiving a text message is better than nothing, hackers have routinely been able to get around this.
Authentication apps are one of the most secure and easiest for the everyday user to make use of. Google offers its own app, Google Authenticator but this article will focus on Authy. It is a free app that offers strong security. It is very easy to learn and use.
How you can use two-factor authentication easily
Authy is available for both Apple iPhone (and iPad) and Android phones/tablets. Authy also has a desktop app that can be installed using the Chrome browser. This means that you can use Authy wherever you are. There is no charge to use Authy.
To get started, go to the app store for your device and search for Authy and Install it.
Once it is installed, open the app. You will need to enter your cellphone number so that the app can set itself to you. It will send a text for you to verify.
Once your phone number has been verified, you will need to set a master password. This will encrypt all of the account information in Authy. If you plan to use Authy on more than one device, this is how the information is synced securely.
Make sure that you remember your password. If you lose it, you could lose access to all of your two-factor authentications.
Now its time to add your first account.
Instructions for Apple devices:
- Log into the website that you wish to protect with two-factor. Each site will be different, but under your user or profile settings, there should be a security section. There, an option to enable two-factor authentication should be available. Here is the location in Amazon:
- Open Authy on your device. Click the red + sign at the bottom of the screen to Add Account.
- Scan the QR code on the website you are adding to Authy using your device. You can also manually enter the key provided by the website to Authy if you don’t wish to scan the QR code or your camera is unavailable.
- Set the icon for the website so that you can easily recognize it in Authy.
- Click Done
- Now you have added your first account to Authy.
Instructions for Android devices:
- Log into the website that you wish to protect with two-factor. Each site will be different, but under your user or profile settings, there should be a security section. There, an option to enable two-factor authentication should be available. Here is the location in Amazon:
- Open Authy on your device. Click the … icon for the menu at the upper right-hand side of the screen to Add Account.
- Scan the QR code on the website you are adding to Authy using your device. You can also manually enter the key provided by the website to Authy if you don’t wish to scan the QR code or your camera is unavailable.
- Set the icon for the website so that you can easily recognize it in Authy.
- Click Done
- Now you have added your first account to Authy.
Using Authy for Two-Factor Authentication
Once you begin adding your accounts, Authy will look similar to the picture below. There will be an icon for each account and the label.
The number code in the picture above is called a token. It changes every 30 seconds. You can see this with the blue bar at the top of the screen under the account name and email address. That bar will shrink as the 30 seconds goes down.
To log into a website that you have enabled two-factor on, simply click on the icon in Authy. You will see the token presented – the 6 digit random number. Enter that number on the website when asked to do so.
Here is an example using Amazon:
After entering the code, the website will allow you to enter.
That is it. Your accounts are NEARLY hackproof.
One warning, don’t forget your password for Authy and be very careful with your phone. If your phone were stolen, it would have everything the thief needs to access your accounts online. Be sure that your phone is secured with a good password.