A password is essentially the key to the lock that keeps strangers out of your account. And two locks are always better than one. In the cyber hello world!, two-factor authentication (often shortened to 2FA) can be that second lock.
It is very likely that you’re using it already, even if you’ve never heard the words before. It is used when logging into online bank accounts, for example. You type in your login and password on your computer, and then an SMS with a one-time code
arrives on your smartphone. Without it, you can’t get into your personal account. This way you confirm your identity twice, from different devices.
2FA keeps your account and related data safe even if cybercriminals have somehow managed to find out your login and password. It doesn’t matter if this was due to carelessness on your part or a vulnerability in the service itself, which also happens.
For instance, the infamous Collection #1 database contains more than a billion unique sets of logins and passwords harvested as a result of around 2,000 separate leaks.
That is one of the reasons why these days not only financial institutions offer 2FA. You can enable it on most popular network services: Google, Yandex, Facebook, VKontakte...
The second line of defense does not have to be an SMS. The system can send the code by email, dictate it by phone, or request biometric data (for example, a fingerprint). Sometimes the key to the “second lock” is in the form of a separate device,
such as a USB key or smart card.
However, the second stage of authorization does not necessarily require a device, not even a smartphone. Some banks (and not only them) allow you to print off a table with several one-time codes. There also exist some weird and wonderful technologies
that require a special electromagnetic tattoo!
But back to ordinary life. As you remember from Lesson 2, cybercrooks hunt for SMS with one-time codes. So where possible we recommend that you use special apps instead, such as Google Authenticator or Authy. The codes they create are much harder
to intercept than a text message. Plus they are supported by most major services, from Google to VKontakte. Banks, regrettably, tend to ignore them.
Look after your accounts and enable 2FA wherever you can. Better to err on the side of caution, as they say. Next lesson, we’ll talk about the dangers facing your files.
Why do you need 2FA?