What Is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA) is a security method that you can apply to the accounts you use online, ranging from bank accounts to social media accounts to email accounts. Think of 2FA as an extra step to your log-in process.
2FA is considered an industry-standard security measure. It helps ensure that online portals are protected against traditional security threats that target passwords. 2FA adds a physical element to security. In simple terms, when you enable 2FA, an app on your phone gives you a second password to use after you put in your first password.
In many ways, 2FA serves the same purpose as a swipe card that many office workers use to access the building they work in. These swipe cards are typically used in combination with a four-digit code. By having two layers of security, it’s highly unlikely that any random person can enter the building—even if they know the code.
Collective Shift members can activate 2FA. Head to Security Settings or view our walkthrough!
Two-Factor Authentication (2FA), Explained
2FA uses a phone app dedicated to the task where a pairing is created between the app and a specific online portal. When you go to log in to an online platform like your bank or social media account, the platform will generate a unique QR code for you to scan through your 2FA app. This app will then ‘pair’’ the two together. (A QR code is a barcode that is readable by smartphones.)
At the time of pairing, a unique security key is generated and combined with a time factor so that both independent systems—the online portal and the 2FA phone app—are in sync.
Since both systems know the security key and the current time, they can independently generate the same six-digit security pin. When you attempt to log in to the online account with your username and password, you’ll then enter the six-digit pin from your 2FA phone app.
In most cases, the six-digit code will change every minute. Because of this, every time you log in to that same online account, you’ll be putting in a different 2FA verification code.
2FA methods
2FA can be set up using a few different methods. Some are more secure than others.
The most common type of 2FA method is that which goes through a dedicated mobile phone app. (We highlight some of these later on.) Broadly speaking, dedicated mobile apps are seen as a moderately strong 2FA method.
Another method 2FA works through is SMS. This is generally seen as a weaker 2FA method because of the risk of a SIM swap attack. (A SIM swap attack involves the attacker convincing the victim’s cellular carrier into switching their mobile phone number to a new device.)
The strongest 2FA method involves the use of a hardware token. Usually, this token is the size of a USB data drive and can fit onto a keyring.
Why Is Two-Factor Authentication (2FA) Important?
2FA is important because your usernames and passwords can be guessed—especially if your password strength is weak. Your log-in details can also be stolen if your computer gets hacked. With 2FA, you have an extra level of log-in security.
Many crypto exchanges require you to use 2FA as part of your log-in process. Because a lot of users keep their cryptocurrencies on exchange accounts, there’s a strong need for exchanges to force users to enable 2FA.
(We recommend against keeping cryptocurrencies on exchanges. If the exchange gets hacked or closes down, you can lose it all. That’s why we encourage people to store cryptocurrency on a crypto hardware wallet.)
If your mobile device with the 2FA app is secured via biometrics such as fingerprint security, it means that only you can access the 2FA code. This is a powerful security feature because a hacker on the other side of the world would have to physically take possession of your mobile device.
Not only that, they’d have to be able to unlock your device in order to successfully authenticate into the online portal that you have 2FA enabled on.
Read: How to Identify & Avoid Crypto Scams
How To Enable Two-Factor Authentication (2FA)
To enable 2FA, there are a few key steps you need to follow. Firstly, you need to install a 2FA mobile app such as the ones listed below.
Once you have this open on your mobile, you can then log-in to the online portal that you want to enable 2FA on. (You can normally enable 2FA through the portal’s account settings.)
From here, it’s as simple as creating a new 2FA setup within the online portal, using your mobile app and scanning the QR code to create the pairing. Before the pairing can be finished, you’ll need to confirm the six-digit 2FA code by entering it in.
A very important step of creating a 2FA pair is to safely and securely back up the 2FA secret key. If you lose or change mobile phones, you’ll need this key to be able to copy the pairing across to your new phone.
If you don’t back up this security key and you lose access to your 2FA app, you’ll need to go through a lengthy process of contacting the online portal to disable your 2FA pairing. Then, you’ll have to log in and set up 2FA again.
Two-Factor Authentication (2FA) Apps & Devices
Twilio Authy (App)
Twilio Authy is a popular 2FA app. Known for its simple software design, Twilio Authy has several options when it comes to backup and it can also configure multiple devices. The Twilio Authy app is compatible on various operating systems including iOS, Android, Windows, Mac OS, BlackBerry and Linux.
Google Authenticator (App)
Google Authenticator is another popular 2FA app that is also known for its simple-to-use design. Google Authenticator has high-quality backup and restore features, allowing for quick restoration of existing 2FA pairings; particularly handy if you switch or lose your phone. The app is only available on mobile devices.
Duo Mobile (App & platform manager)
Compared to the above two, Duo Mobile is a more powerful system of security that brings in elements of team management and sharing of 2FA pairings. It is these features that make Duo Mobile particularly useful for remote teams. Also, it comes with advanced reporting and compliance capabilities. Note that Duo Mobile is a paid service.
Yubikey (Hardware device)
The Yubikey hardware device allows you to automatically enter 2FA credentials into the websites you visit. You do this by tapping on the device which is plugged into your computer’s USB port.
Yubikey can also be used to confirm your identity when logging on to your laptop or computer, making it impossible for your data to be stolen unless the Yubikey device is present. Given its advanced security features and usability, the price of a Yubikey is rather inexpensive.