Over the years we’ve grown to understand the importance of passwords… especially good passwords. In fact, most web portals and platforms don’t even allow us to use something simple like “1234” any more. Instead, we have a dictated set of characters to use, and need to add numbers or other symbols to improve their security.

This begs the question; with our emails, banking, and favourite apps protected by a tough password, is two-factor authentication necessary? And if so, what is it and what makes it better? This guide should answer all your questions about two-factor authentication, including why we need it.

WHAT IS TWO-FACTOR AUTHENTICATION?

Also known as “2FA” and “two-step authentication”; two-factor authentication is a necessary security measure that doubles your password protection. Think of it as an additional layer of security. With two-factor authentication you need to provide multiple pieces of information to access an account. If hackers collect one piece of information (such as a password), then they still need a second piece of information to gain access.

WHY DO WE NEED TWO-FACTOR AUTHENTICATION?

Cyber criminals are getting smarter every day. Techniques such as “password spraying” (where a long list of the most common passwords can be applied quickly to many accounts) are still successful at cracking weak passwords. Other techniques used by hackers include:

• Creating a data breach with a large organization, giving hackers access to millions of usernames and passwords, as well other sensitive data. Cyber criminals sell these lists to other hackers, sharing and spreading your security information even further.
• It’s still common to find spyware on many personal and commercial computers. This malicious software can log your keystrokes, recording everything you’ve typed, including usernames and passwords.
• A social engineering scam that people are still being tricked into is phishing. This is when you access a website or email that you think is legitimate, such as your bank, but you’ve been redirected to a fake (identical) site that captures your information as you attempt to log in.

These three examples are the most common on a long list of hacking techniques. The reason they’re so common is because anyone, no matter how smart and safe they are, can fall victim to them. In some cases, such as having your information lost in a large, corporate data breach, it’s completely out of our control.

HOW DOES TWO-FACTOR AUTHENTICATION WORK?

As we mentioned, 2FA requires at least two different types of information. The types of information required depends on the organization you’re creating an account with. If you were setting up a Gmail account, for example, you have three choices for supplying confirmation of identification:

1. A physical security key (which some phones have built-in). You can also buy a Titan Security Key from the Google store, or other retailers. A “box of keys” is usually $25.
2. The Google Authenticator is a free app you can install on your device. When you sign into your email on your computer, for example, you’ll get a prompt on your phone that you tap to confirm.
3. Verification codes are popular among many platforms and online services. This is where the account sends you a one-time code, usually numeric, that you use to confirm your identity.

The Government of Canada is also promoting two-factor authentication. They’re not just encouraging it for their platforms, but every account you need to sign in to. They offer a quick, informative video that helps explain the importance of two-factor authentication here.