SeedSpark Blogs | Business Growth Services in Charlotte, N.C.

Which 2FA Should You Use?

Written by Joe Pease | 04/08/2022

Cybercrime is on the rise, and a strong password isn’t enough to keep your money, job, or family safe. To defend against increasingly aggressive attackers, you’ll need a second factor. Two-factor authentication is becoming more widespread online; it typically involves providing a code after entering your password and can be with an email, a text, or a code from an app.

The Wall Street Journal provides a breakdown of the various alternatives and what you need to know to safeguard your digital life.

Use Unique Passwords

Before you get starting with two-factor authentication let’s cover some ground rules. The most important is to use a unique password for each account.

To create and remember lengthy, unique passwords for each of your accounts, use a password manager. For those who aren’t as computer-literate, I recommend using the free manager integrated into Chrome, Safari, or Firefox as a first step. If you use a lot of internet services, switching all of your login details might be a time-consuming process but it’s worth it. Especially if your passwords have been exposed in the past (Check at haveibeenpwned.com, which won’t ask for your passwords, only your email or phone number.) Once your passwords are strengthened, turn on two-factor authentication.

 

Two Factor Option 1: Physical Security Keys

Two-factor authentication can be achieved by using security keys. They’re tiny dongles, usually USB sticks, that attach to your keychain or go into your computer’s USB port. You may use them to access several popular services, including Google, Facebook, and most password managers.

A typical use case might go like this: Go to a website or app, enter your username and password, then insert your security key into the computer’s port when prompted. Touching the key’s gold tip or disc triggers the authentication. For a smartphone or tablet, you can get keys with wireless alternatives, such as near-field communication (NFC), so you don’t even have to insert the key.

Consider a security key for accounts that support it if you’re at higher risk, such as an executive, an administrator who handles sensitive data, a social media influencer, or a high-net-worth individual. Keys can range from $25 to $60 and remember it pays to buy and register a spare in the event that you lose it.

 

Two Factor Option 2: Authentication Apps

PayPal and Amazon are two of the most popular websites that do not accept security keys, despite the fact that many sites support two-factor authentication. For the remainder of your accounts, use an authentication app to generate time-based login codes. They function even when you don’t have access to the internet and are a bit safer than the next option: getting codes via text messages.

There are many apps out there such as Googles Authenticator, Twilio’s Authy, and even LastPass which SeedSpark can help you implement into your business.

 

Two Factor Option 3: Text Messages

The code sent through text message is one of the most popular methods of two-factor authentication. Any extra verification than a username and password is generally preferable to most people. You must, however, be aware that this method is a little vulnerable.

“SIM swapping” is where criminals steal a victim’s phone number by duping the carrier into porting the number to a new account. According to the FBI, these sorts of assaults are on the increase, although they are typically targeted assaults in which hackers know who they are and what they can get. Individuals with large bank accounts or crypto wallets are prime targets.

Whatever you choose, make sure your accounts are protected by more than a bad, recycled password.

You can read more from The Wall Street Journal here.