It’s one of the best ways to keep your accounts safe from cybercriminals. Now available across numerous services — including Apple’s operating systems, Google Drive, Windows 10, and popular social networks — 2FA is a simple and effective security solution.
What is two-factor authentication?
Two-factor authentication is the process that adds an extra security layer to your account, making it much harder for malicious actors to attack and steal your data. To access a profile protected with 2FA, you need two elements:
- Something you know (a password or PIN code)
- Something you have (access to a specific device)
With 2FA, every time you want to log in to your account, you will first be asked to enter your password. Then, a one-time code will automatically be sent to your mobile phone; if you can prove that you’re also the device owner, you can log in.
Why do we need 2FA?
Even if a cybercriminal acquires your password and tries to break into your account, they will need to have physical access to your phone as well. 2FA therefore provides you with an extra layer of protection, and you get an immediate notification if someone tries to break into your account.
How is 2FA different from 2SV?
If you already have two-step verification (2SV), is two-factor authentication necessary? The answer is yes.
Although 2SV also offers some additional layers of protection, it doesn’t necessarily require the “something you have” part. In order to access your account when 2SV is on, you can use either two USB security keys, two passwords, or a combination of a password and a security question.
The main difference between these two is pretty simple:
- If you use 2FA, the bad actor who wants to hack your account will have to pull off two types of theft: they will need to steal your physical device (“something you have”) and your password (“something you know”).
- If you rely on 2SV, the hacker will only need to commit one type of crime, multiple times. They just need to steal your information — your password and the answer to your security question, for example. If they’re using spyware or exploiting a data breach, they may already have both.
Although both of these security measures add an additional level of safety to your account and should be used wherever possible, 2FA offers more benefits. Needless to say – any form of protection is better than none.
How to enable 2FA
2FA on macOS
If you’re setting up 2FA on macOS, head to System Preferences in the Apple menu and select Apple ID. Go to Password & Security and click Turn On Two-Factor Authentication.
If you’re using macOS Mojave or an older operating system, you should go to System Preferences and click iCloud. Next, select Account Details, Security, and Turn On Two-Factor Authentication.
2FA on iOS
If you’re using an iPhone, iPad, or iPod, you should first go to Settings, tap on your name and select Password & Security. Alternatively, if you’re using an earlier version of the operating system — iOS 10.2 or older — head to Settings, iCloud, and Apple ID, and click Turn On Two-Factor Authentication.
Next, enter the number of the phone you want to use as your verifying device. Apple will then send you a code by text or call, depending on your preferences. Verify your number to complete the setup process for two-factor authentication.
2FA on Google
Confusingly, Google uses the term “2-Step Verification” when referring to their 2FA features, so in this case you'll be setting up 2SV. Go to Sign-in and security. Enter your password and phone number to receive your verification code.
You can either stay with the default option and receive your security codes via text or voice messages, get the Google prompt to make your verifications quicker, or use their Authenticator app.
With the Google prompt, you won’t need to type in verification codes each time you want to access your account. Instead, you will receive a notification asking if it’s really you trying to log in. Simply tap “Yes” and you’re in.
2FA on Windows 10
If you’re a Windows 10 user, the process for setting up 2FA is a simple one, and can be carried out online through your Microsoft account. As part of the authentication process, you can use an email, a phone number, or Microsoft's dedicated Authenticator app.
Head to Microsoft’s Security Basics page and log into your Microsoft account. Then click More security options and Set up two-step verification, and follow the prompts to complete the set-up process.
2FA for social media
In the video below you can find out how to protect your social networks with 2FA.
Here’s why you shouldn’t use texts for 2FA
The major problem with two-factor authentication is that it typically relies on text messages, which apparently can be easily hijacked. This vulnerability of text messages has been known and discussed for a long time. Apparently, your name, surname and phone number are all hackers need to break two-factor security if you verify your identity via SMS.
Hackers can exploit flaws in Signaling System No. 7 (SS7), which is used by nearly every telecom in the world to manage calls and text messages. “This is a vulnerability in mobile networks, which ultimately means it is an issue for everyone, especially services relying on the mobile network to send security codes,” said Dmitry Kurbatov, a researcher at Positive Technologies.
While telecom companies are restricted from accessing users’ communications traveling through this network, hijacking services are pretty popular on criminal marketplaces. However, there’s no need for hackers to spend money on hijacking services as they can also breach the network directly.
If a hacker manages to breach the phone network, they can use 2FA codes sent to you via text messages and log in to any account they need.
Other 2FA methods
Even hijackable, text-based 2FA is better than no digital protection. However, if you care about your data security, you may want to consider choosing an alternative authentication method, such as Google's Authenticator app.
Experts also suggest getting a separate phone number for digital services through, for example, Google Voice. For secure 2FA, you can also use security keys or download the Google Prompt that doesn’t rely on the vulnerable SMS protocol.
Another important step privacy-concerned users should take is to demand that all account services provide non-SMS-based 2FA options to help their customers securely log in to their accounts without the fear of being hacked.
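Authenticator apps such as the Google Authenticator mentioned above avoid the SMS problem because the code is computed on the device from a shared secret and the current time (the TOTP scheme of RFC 6238), so nothing travels over the phone network. The Python below is an added example, not code from the original article or from Google; the secret is the RFC’s public test value and the function names are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the public RFC 6238 test secret, base32-encoded the way
# authenticator apps receive it at enrolment. Never use it for a real account.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to N digits."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret_b32, int(unix_time) // step, digits)


def verify(secret_b32, submitted, unix_time, last_counter=-1, window=1, step=30):
    """Server-side check. Returns the accepted counter, or None if rejected.

    window tolerates clock drift of +/- one step; last_counter is the counter
    of the previously accepted code, so a captured code cannot be replayed.
    """
    now = int(unix_time) // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue  # already used (or before the epoch): reject
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET_B32, 59)
    print("code at t=59:", code)
    print("accepted counter:", verify(SAMPLE_SECRET_B32, code, 89))
    print("replay:", verify(SAMPLE_SECRET_B32, code, 89, last_counter=1))
```

The service stores the counter returned by verify and passes it back as last_counter on the next login, which is what makes each code single-use.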
2FA third-party apps
Now might be a good time to go through all your accounts (Amazon, Dropbox, Facebook, PayPal, etc) and add that extra layer of security. If you're not sure whether a specific website offers 2FA or 2SV, you can quickly check it here.
The majority of popular services provide either 2FA or 2SV to their customers, and there are also a number of specialized apps, such as Authy or Duo Mobile, designed for the same purpose. You can also use the above-mentioned Google Authenticator. Just always make sure these third-party apps are safe and private.
If you want to take your security to the next level, you can also use a virtual private network (VPN) to enhance online safety. NordVPN wraps your data in layers of next-generation encryption, making it harder for criminals to access your passwords and sensitive data. Take control of your data today with 2FA and NordVPN.