The goal of IT security is to protect your data, devices and services from being stolen or misused. Enabling two-factor authentication (2FA) on your accounts is one of the best pieces of security advice you will get from Onsite Helper or any other computer expert you ask. Wherever a website or service you use supports two-factor authentication, enable it and set it up correctly. Doing so drastically improves your overall IT security, especially now that password leaks and breaches are so common.
How can the simple act of enabling two-factor authentication on your account protect your data, information and identity from being compromised? How exactly does it work? Are there any benefits to disabling it?
In this guide, Onsite Helper covers the benefits of two-factor authentication and the risks of turning it off.
If you want to protect your friends and family from unhealthy IT security practices and the risk of being hacked, share this blog with them!
And if you want to build the most solid security for your company today, click this and get in touch with one of our experts.
5 things you need to know about two-factor authentication
Two-factor authentication is a relatively recent addition to most consumer accounts, but most of the websites you visit and the accounts you use already support it. What exactly is it? How does it work? What should you do? Let’s find out.
1. Two-factor authentication and two-step verification: are they the same?
The two terms are often used interchangeably, and some services (Google, for example) use “2-Step Verification” as the name of their two-factor feature, so it is a common misconception that they mean exactly the same thing. To understand the difference, we first need to understand authentication factors.
There are three types of authentication factors:
- Something you know – a password or PIN
- Something you have – a mobile phone, an authenticator app, a unique USB security key
- Something you are – a fingerprint or other biometric
With that in place, we can differentiate between two-factor authentication and two-step verification.
Two-factor authentication combines two different factors; for example, a password (something you know) and a code from an authenticator app or a tap on a hardware security key (something you have). Two-step verification (2SV) is the broader term: it means any two checks in sequence, which may or may not be different factors. A password followed by a security question is two steps but only one factor (two things you know), so it protects you far less than people assume.
What about a one-time PIN (OTP) sent by SMS? Strictly, it is “something you have”, because it proves control of your phone number. In practice, it is the weakest possession factor: an attacker can take over your number with a SIM swap at your carrier, intercept the message, or simply phish the code from you on a fake login page and use it before it expires. An authenticator app is better, because the secret never leaves your phone, and a hardware security key is best, because it will only answer the genuine website.
Two genuinely different factors are more secure than two checks of the same kind, and a phishing-resistant second factor beats an SMS code. Whichever option your account offers, turn it on: even SMS-based 2SV stops the attacks that rely on a leaked password alone.
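The “code from an authenticator app” mentioned above is a time-based one-time password (TOTP, RFC 6238): the phone and the server share a secret, and both compute an HMAC over the current 30-second window. The following is an added example, not code from Onsite Helper or from any authenticator app, that implements the generator and a server-side check. It uses the RFC 6238 test secret so the values can be confirmed against the standard; the replay check (`last_counter`) and drift window are design choices of this example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 of the 8-byte
    big-endian counter, dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP with the counter set to
    the number of `step`-second windows since the Unix epoch. This is what an
    authenticator app computes from the shared secret and the phone's clock."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int,
                last_counter: int = -1, window: int = 1, step: int = 30):
    """Server-side check. Returns the time-step the code matched, or None.

    Accepts `window` steps either side of now to tolerate clock drift, but
    never a step at or before `last_counter`: the caller persists the value
    returned here and passes it back next time, so a code captured in transit
    (or phished) cannot be replayed within its validity window.
    """
    current = at_time // step
    for drift in range(-window, window + 1):
        counter = current + drift
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    # RFC 6238 test secret (the ASCII string "12345678901234567890"). Real
    # secrets are random and are shown to the user as a base32 string / QR code.
    demo_secret = b"12345678901234567890"
    print(totp(demo_secret, 59))                     # 287082
    print(verify_totp(demo_secret, "287082", 59))    # 1
```

Two things the code makes visible that the prose does not: the code is only as secret as the shared key, which is why a phished six-digit code is useful to an attacker for the rest of its window, and why the server must remember the last accepted time-step rather than only comparing digits.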
2. You MUST use it on your email account
In most cases, your email account is the gateway to every other account you have, because password-reset links land there. That is why your email needs the strongest protection. On top of guarding your other online accounts, it also holds a lot of your private information and conversations.
If hackers get into your email, they can search it for old registration emails from other services, then use the “forgot password” flow on each of those services to send a reset link to the inbox they now control. They change the passwords, and the next thing you know, you have no access to any of them.
3. Increase security by using a password manager
Hopefully, you’ve already followed what’s written in number 2. If so, you might be thinking “now what?”
We can further improve the security of your online accounts by using a password manager. A password manager generates and stores a unique, random password for every account, so a password leaked from one site cannot be reused against the others, and it keeps that vault encrypted behind a single master password. You should enable two-factor authentication on the password manager itself as well as on the accounts inside it. Here are some of the most popular sites and services that support two-factor authentication:
4. Should you TRUST that device?
Most websites and services that support two-factor authentication also have a feature that allows you to mark the device you use as a “trusted device”. This may be expressed in the form of:
- “Remember this computer…”
- “Trust this device…”
- “Don’t ask again on this computer…”
Marking a device as “trusted” is effectively disabling two-factor authentication for that device: the service typically stores a long-lived token in your browser and, while that token is present and valid, lets you in with your password alone.
From a usability standpoint, this makes sense. From a security perspective, it is a trade-off. If a trusted laptop or phone is lost or stolen, or its browser data is copied by malware, whoever holds it can sign in without the second factor. Most services therefore let you review and revoke every trusted device from your account’s security settings; do that as soon as a device goes missing. Whether to use the feature is up to you, but you need to know the trade-off, and it is best avoided on shared or unmanaged computers.
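To make the trade-off concrete, here is an added example (not Onsite Helper’s code, and not any particular service’s implementation) of how a “trust this device” token can be issued, checked and revoked on the server side. The in-memory store, the 30-day lifetime and the “trust epoch” used for revoke-all are assumptions of this example.

```python
import hashlib
import secrets


class TrustedDevices:
    """Per-user 'remember this device' tokens, kept in memory for the example.

    The browser holds the raw token in a cookie; the server stores only its
    SHA-256 hash, so a copy of the server's database does not hand out usable
    tokens. Each token is tied to the user's current 'trust epoch'; bumping the
    epoch is the 'revoke all trusted devices' button.
    """

    def __init__(self, lifetime_days: int = 30):
        self.lifetime = lifetime_days * 86400
        self.tokens = {}   # token hash -> (user, expires_at, epoch)
        self.epochs = {}   # user -> current trust epoch

    def trust(self, user: str, now: int) -> str:
        """Called after a successful password + second-factor login when the
        user ticks 'trust this device'. Returns the value to set as a cookie."""
        token = secrets.token_urlsafe(32)
        self.tokens[self._h(token)] = (user, now + self.lifetime, self.epochs.get(user, 0))
        return token

    def is_trusted(self, user: str, token: str, now: int) -> bool:
        record = self.tokens.get(self._h(token))
        if record is None:
            return False
        owner, expires_at, epoch = record
        return owner == user and now < expires_at and epoch == self.epochs.get(user, 0)

    def revoke_all(self, user: str) -> None:
        """Invalidate every trusted device for `user` without touching the
        token table: old tokens carry a stale epoch and fail is_trusted()."""
        self.epochs[user] = self.epochs.get(user, 0) + 1

    @staticmethod
    def _h(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()


def second_factor_required(store: TrustedDevices, user: str, cookie, now: int) -> bool:
    """Login decision after the password has been verified: skip the second
    factor only for a valid, unexpired, unrevoked trusted-device token."""
    return not (cookie is not None and store.is_trusted(user, cookie, now))
```

The point to notice is that the token is a bearer credential: anyone who can read the cookie gets the same treatment as you, which is exactly why a lost or infected trusted device matters and why the revoke-all action has to exist.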
5. What if I lock myself out of my account?
More often than not, your phone will be integral to your two-factor authentication experience: receiving OTPs and generating codes in apps like Google Authenticator both happen there. What happens if you lose your phone? Are you permanently locked out of your accounts? Not necessarily. Most websites and services have a recovery path for the day you lose possession of, or access to, your phone.
For account recovery, some services let you register a backup phone number. Others issue backup codes that you can print or store offline for the day your usual second factor is unavailable; generate and store them when you enable 2FA, not after you are locked out. If none of that helps, you can contact the service’s support team and prove the account is yours, but expect a slow process: large providers deliberately make this hard, because a recovery path that is easy for you is also easy for an impostor. With backup codes in place, being completely locked out of your own account is rare.
Are there any benefits to keeping your two-factor authentication disabled?
Short answer: No
Sure, logins will be a little quicker without two-factor authentication, but that convenience is not worth trading for a far less secure account.
Disabling two-factor authentication means that anyone who obtains your password, whether by phishing, by reusing a password leaked from another site, or by malware, can sign straight in. This applies to personal accounts and even more so to business accounts, where you are putting your business’s data on the line.
What are the alternatives to turning off two-factor authentication?
Often, when working on a large project or with a third-party IT support provider, you need other people to be able to access your business accounts easily. At Onsite Helper, we regularly get requests from clients to disable their two-factor authentication. We strongly discourage this, as it puts their systems and data at risk. There is also a good chance they will forget to re-enable it after the project, leaving their data exposed long after the reason for the exception has gone.
Instead of turning off two-factor authentication, you can give the trusted person one-time access codes (backup codes) for the account. Each code works exactly once, so two-factor authentication stays on while the person who needs access can still get in, and you can revoke any unused codes as soon as the work is finished.
Another option is to share an inbox rather than an account. Businesses commonly set up a central mailbox, such as sales@ or support@, that a number of staff can access and manage. This is most common in sales and technical-support teams, where several people handle queries and workflows. To learn more about this, you can read our article here.
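The backup codes from section 5 and the one-time access codes recommended above are the same mechanism. The following added example (not Onsite Helper’s code, and not how any specific service implements it) shows the properties that make them safe to hand to a contractor: random, shown once, stored only as hashes, usable exactly once, and revocable in bulk. The in-memory store and the eight-hex-digit format are assumptions of the example.

```python
import hashlib
import secrets


class OneTimeCodes:
    """Per-user backup / one-time access codes, kept in memory for the example.

    Codes are generated randomly, shown to the user once, and stored only as
    SHA-256 hashes. Redeeming a code deletes its hash, so each code works
    exactly once; revoke_all() discards whatever is left when the project ends.
    """

    def __init__(self):
        self.unused = {}   # user -> set of hashes of codes not yet redeemed

    def issue(self, user: str, count: int = 8) -> list:
        """Replace any existing codes with `count` fresh ones and return them in
        plain text for display or printing. Only the hashes are retained."""
        codes = [secrets.token_hex(4) for _ in range(count)]   # 8 hex digits each
        self.unused[user] = {self._h(c) for c in codes}
        return codes

    def redeem(self, user: str, submitted: str) -> bool:
        """Accept a code once; a second use of the same code is refused.
        Whitespace and letter case are normalised because printed codes are
        typed back in by hand."""
        bucket = self.unused.get(user, set())
        h = self._h(submitted)
        if h in bucket:
            bucket.remove(h)
            return True
        return False

    def remaining(self, user: str) -> int:
        return len(self.unused.get(user, set()))

    def revoke_all(self, user: str) -> None:
        """Called when the contractor's work is done: any codes they still
        hold stop working, and the account's 2FA was never switched off."""
        self.unused.pop(user, None)

    @staticmethod
    def _h(code: str) -> str:
        return hashlib.sha256("".join(code.split()).lower().encode()).hexdigest()
```

Short codes like these only hold up because a real service rate-limits and locks the account after a handful of wrong attempts; an eight-hex-digit code is 32 bits, which is plenty against a few tries and nothing against an unthrottled guesser.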
Here at Onsite Helper
We always recommend that our clients keep two-factor authentication and two-step verification switched on. We’ve had several clients ask us to turn off 2SV for their own account and for the rest of their employees, usually while they are working on a large task. We do not recommend this, because companies often forget to turn 2SV back on once the task is done and are left vulnerable to attacks.
We have also devised our own security audit, which checks your systems for the vulnerabilities and misconfigurations that can lead to data loss. Speak to one of our team members today!
If you really must exempt a particular account from two-factor authentication or two-step verification, exempt that account only: in Google Workspace, for example, add the user to an exception group for 2-Step Verification enforcement rather than switching enforcement off for everyone, and remove them from the group as soon as the exception is no longer needed.
If you use Google Workspace for your business and want to make sure your security is tight, read our 5 tips to lock down your Google Workspace security or contact Onsite Helper for further help.