Time to Two-Step

There’s nothing like the possibility of World War Three to get the cybersecurity conversations started.

Prompts to enable two-step verification began popping up in Chrome in May.

The “military operation” in Ukraine has increased the possibility of cyberattacks as the Russian government seeks to retaliate against supporters of Ukraine. While the news is dominated by stories of hackers and sophisticated cyberbots breaching large networks or corporations, a good deal of the cyberwar will be fought in the email inbox. Phishing and spoofed emails still comprise a huge percentage of computer crime.

As more of us worry about hackers, more people are asking about Two-Factor Authentication (2FA), also called 2-step verification or multi-factor authentication. No matter what you call it, the idea is simple: to make things more secure, you log in to an account with a password and something else.

The most common “something else” is a text message sent to your phone. Hopefully a thief doesn’t have your password and your phone. So if you ever get a text message with a code – but you aren’t trying to log on to your account – you instantly know someone is trying to access your account. And knows your password!

There are many options, but most require 1) something you know (your password) and 2) something you have (your phone). Another method is a secret code stored on a USB thumb drive or key card, or an authentication app. No matter which method you use, without the magical combination the login fails. And your frustration with the Internet and computers continues as usual.

Seriously, if you aren’t using 2FA you really should. Do you require it for every account and website? No. Do you need it for critical or financial apps or websites? Absolutely. In fact, I would make it a priority for any bank or brokerage before doing business with them. There are still plenty of websites that don’t support 2FA, but using a password manager with strong passwords can help make those accounts more secure.

In practice this might sound more obtrusive than it actually is. Most apps only require the second verification on your initial login. You won’t need to grab your phone every time you check your mail. You will need it when you log in from a different device – new phone, library computer, etc.

But I believe the inconvenience is far outweighed by the peace of mind. For instance, if you receive a verification code out of the blue (in other words you aren’t logging into an account) you instantly know something is amiss! Someone has one piece of your login, but your account is safe because they presumably do not have the second.

Get Started
Start with your email. The image above shows a prompt Google users started seeing in May 2022. If you’re a Gmail user, then your Google account is a great place to start. And if you’re using some email system that doesn’t offer 2FA (I’m not even sure this is possible today) then I would switch.
