Two Factor Authentication
The term Two-Factor Authentication (2FA) means that you need a second credential to log-in to your account in addition to your password. This is powerful, because even if an adversary gets your password, it cannot automatically log in. Reporters Without Borders recommends everybody to use 2FA on all accounts that offer it! This includes most of the popular services such as Google, Facebook, Slack and Twitter.
If you use 2FA together with a password manager, you can achieve a very high level of security. You can boost this even more when you use both on different devices: for example use 2FA with a code generator app on your smartphone and a password manager on your computer.
2FA with telephone number
A user has to provide a mobile phone number in advance and enable 2FA. Every time when the user provides the correct password, a second PIN code is sent via SMS to the mobile phone number. This PIN code is the second credential that allows the user to finally log in.
Although a 2FA via SMS is better than no 2FA, there are safer versions available like Code Generator Apps or Hardware Keys.
Are you also hesitant in providing your mobile phone number because of privacy concerns? Check our Dangerous Errors.
2FA with the service’s own app
Some services offer 2FA with their own apps. For example, after providing the password on a computer for a Google account, a notification is sent to the user’s smartphone on the Google search app. In the app, a user can confirm the log-in on the computer.
2FA with a code generator app
A user enables 2FA in scanning one time a QR code with a so-called code generator app. This app continuously creates unique PIN codes that a user has to provide as a second credential after the password. Free code generator apps are for example Google Authenticator or LastPass.
2FA with a Universal 2nd Factor (U2F)
A user enables 2FA by registering a unique hardware key – for example with USB or NFC – with a specific account. This key has to be always plugged-in when a user provides the password to the account.
This method is relatively new and is the safest way to use 2FA. It is not as widely spread as the other ways, but, for example, Google, Facebook, and Dropbox already offer it.