Two-factor authentication for regular people.
What I’d like to touch on with this article is more for our regular users. You don’t need a degree in computer science to understand that user accounts all over the internet are getting breached. So what can a regular user do to help protect their accounts? The quick and easy response is to say, “Enable two-factor authentication.” But as we’ve found with the Reddit breach, not all forms of two-factor authentication are created equally.
Easily the most common form of two-factor authentication out there right now is SMS text message based. Let’s say you log into Gmail: you put in your user name and your password, and then Gmail sends you a text message with a code that you have to enter on the website before your login is complete. That’s SMS-based two-factor authentication. It’s widely considered to be better than no two-factor authentication at all.
What I want to do is talk a little bit about other options that exist, specifically with Gmail, as a lot of our clients use Gmail for personal accounts and G Suite for business.
What Does The Process Look Like? Does It Hurt?
Two-factor (or, 2-factor) authentication doesn’t have to be a painful experience for the user. Here’s a quick step-by-step on what the login process looks like.
- Enter your email address
- Enter your password
- Enter your 2-factor authentication code
On that last step, you have the option to remember the computer you’re logging in from. This means that if this is your home computer that you trust, there’s no need to enter your password or 2-factor authentication again. But whenever you log in from a new location, you (or someone attacking your account) will still be prompted for your email address, password, and 2nd-factor authentication.
Great! Where Do I Set Up Two-Factor?
First off, you can find the two-factor authentication options by logging into your Gmail account, clicking the Google Apps button in the upper right corner, and selecting Security. Once in the Security section, one of the menus will read Sign-In & Security, and in that menu you will click on “Signing in to Google.” It will likely ask for your password again. Once you are logged in, you will see a menu on the right, with the option “2-Step Verification.” Click on that.
Here you have a number of options for 2-factor authentication. Let’s go over those options.
Backup codes are the easiest, so I will talk about them first. Creating backup codes is an important first step. These codes will allow you to log in if something happens to your regular 2-factor device. It is just a set of ten one-time-use codes. Print these codes off and keep them somewhere safe. Hopefully you will never have to use them.
The Authenticator App is an application that you can download to your phone or tablet. It is constantly generating 6-digit codes for login, even when you’re not trying to log in. Google’s servers know what code your device will generate, so when you log in and Google asks you for the code, it will know if you’ve put in the correct code or not. The nice thing about the Authenticator App is that other services can use it, too!
This option allows you to tie a device to your account. Every time you log in from a new location, a simple Yes/No prompt will display on your device, asking if you are currently attempting to log in. This can be nice, as you will get a prompt whenever someone reaches the 2-factor authentication screen.
This is one of the more interesting forms of 2-factor. A physical key, often in the form of a small USB device, can be inserted into your computer when you are prompted for a 2nd-factor authentication. A personal favorite for these is the YubiKey. When prompted, you simply insert the device into your computer, hit the button on the key, and you’re done. There are a couple of different ways that devices like this can be used, including handling authentication for your computer.
Pros and Cons Everywhere, What Should I Use?
Every option listed above has its own pros and cons that I would love to discuss, but it would make this post even longer than it already is. There is one thing I would highly recommend, however: if you set up a 2nd-factor authentication method, make sure to set up the Backup Codes, print off the codes, and keep them in a safe spot. This will allow you to recover your account should you lose access to your 2nd-factor authentication. I cannot stress the importance of this enough.
But possibly the most important piece of choosing a 2nd-factor authentication method is exactly how easy it is for you to implement it in your everyday life. If a form of 2-factor authentication is too hard to use, then most users simply won’t use it.
In The End
At the end of the day, two-factor authentication adds significantly to your account security, without adding too much hassle for you, the user. There are a number of additional steps you can take to increase the security of your online accounts, but they’re beyond the scope of this post. If you are interested in setting up 2-factor authentication for some of your online accounts, please give us a call, and we would be happy to go over the details in order to find you a process that works best for you.