Two-factor authentication is an effective method of ensuring only authorised users have access to sensitive data.
How users and employees access data has been put into the spotlight recently, following Australia's new data breach law. Greater scrutiny over access to sensitive data is one way of reducing the risk of a data breach, and multi-factor authentication is one way to better control that access.
How does it work?
Two-factor authentication adds another layer of security on top of entering a password. A service may allow you to use multiple methods (also known as factors) to authenticate a login request. A standard level of security is to authenticate using two factors. This is typical in services from Microsoft, Google and Apple.
Two-factor authentication is where two pieces of information are required to access an account. Typically, these are a password (first factor) and a randomly generated code (second factor) received via text message or a trusted device. That code typically expires after a short period.
In practice, it simply adds another step to the login process.
How you receive the code will depend on how you originally set up two-step authentication. It may be emailed to you, sent as a text message, generated by a mobile app, read to you over an automated phone call or displayed by a physical code-generating device.
There are other ways to provide a second factor after your password. Biometric information, like a fingerprint or retina scan, can also be used. These are used less frequently than a code, but you may see them more often on mobile devices.
PCMag's lead security analyst Neil J. Rubenking sums up the different types of factors:
"There are three generally recognised factors for authentication: something you know (such as a password), something you have (such as a hardware token or cell phone), and something you are (such as your fingerprint). Two-factor means the system is using two of these options."
Our preferred service
For the second factor, we prefer the Google Authenticator. It's simple, uncomplicated and you can get under way in seconds.
Authenticator apps replace the need to receive a code via text or phone call. Instead, the app sits on your phone and generates codes automatically, even offline.
Using it is simple.
- Download the Google Authenticator app from the Google Play Store or Apple App Store.
- Set up two-factor authentication on the service of your choice. There should be an option to view a QR code.
- Open the Google Authenticator app on your device. Allow it to access your camera. Tap the + icon and select the option to scan a barcode.
- Use the camera to scan the QR code. The Google Authenticator will now generate a sign-in code for that service every ten seconds.
Just be aware that not all services will offer a QR code to be added to the Google Authenticator.
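The QR code scanned in the steps above is simply a text string (an `otpauth://` URI) carrying a shared secret, and the codes the app then produces come from the TOTP algorithm (RFC 6238), which is why no network connection is needed. The following is an added example, not code from the original post or from Google Authenticator, showing both sides: parsing such a URI, generating the current code as an app would, and checking a submitted code as a server would. It uses the RFC defaults of a 30-second time step and six digits; the `ExampleCorp` URI and its `JBSWY3DPEHPK3PXP` secret are constructed for the example, and the second secret is the published RFC 4226/6238 test-vector key, so its expected codes are known.

```python
"""Added example: how an authenticator app turns a scanned QR code into
login codes (TOTP, RFC 6238) and how a service should verify them.
Standard library only; all secrets below are constructed or RFC test values."""
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: the text a service encodes in its two-factor QR code.
SAMPLE_OTPAUTH_URI = (
    "otpauth://totp/ExampleCorp:alice%40example.com"
    "?secret=JBSWY3DPEHPK3PXP&issuer=ExampleCorp&digits=6&period=30"
)

# Base32 form of the RFC 4226/6238 test key b"12345678901234567890".
RFC_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def parse_otpauth_uri(uri):
    """Extract label, shared secret and parameters from an otpauth:// URI."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("only otpauth://totp/ URIs are supported here")
    params = parse_qs(parsed.query)
    return {
        "label": unquote(parsed.path.lstrip("/")),
        "secret": params["secret"][0],
        "issuer": params.get("issuer", [None])[0],
        "digits": int(params.get("digits", ["6"])[0]),
        "period": int(params.get("period", ["30"])[0]),
    }


def decode_secret(secret_b32):
    """Base32-decode the shared secret, tolerating the missing '=' padding
    and spaces that many services use when displaying it."""
    s = secret_b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)


def hotp(key, counter, digits=6):
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    'dynamic truncation' to a 31-bit integer and reduction to `digits` digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(key, timestamp=None, period=30, digits=6):
    """TOTP (RFC 6238): HOTP with the counter set to the current time step."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(key, int(timestamp) // period, digits)


def verify_totp(key, submitted, timestamp, last_counter,
                period=30, digits=6, window=1):
    """Service-side check. Accepts codes from `window` neighbouring time steps
    to absorb clock drift, but never a time step at or below the last accepted
    one, so a code that was already used cannot be replayed.
    Returns (accepted, new_last_counter)."""
    current = int(timestamp) // period
    for candidate in range(current - window, current + window + 1):
        if candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(key, candidate, digits), submitted):
            return True, candidate
    return False, last_counter


if __name__ == "__main__":
    entry = parse_otpauth_uri(SAMPLE_OTPAUTH_URI)
    key = decode_secret(entry["secret"])
    now = time.time()
    code = totp(key, now, entry["period"], entry["digits"])
    print(f"{entry['issuer']} ({entry['label']}): current code {code}")
    ok, last = verify_totp(key, code, now, last_counter=-1)
    print("first use accepted:", ok)
    print("replay accepted:", verify_totp(key, code, now, last_counter=last)[0])
```

The replay check in `verify_totp` is the part most often left out of home-grown implementations: a six-digit code is only "one-time" if the server remembers the last time step it accepted and refuses it again.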
A note on Google Authenticator: While the app is very useful day-to-day, it is not flexible. The saved keys are restricted to that device only. This means that if you lose your phone or reinstall the software on the phone, you will lose access to the saved keys. Similarly, if you upgrade to a new phone, the keys will not be accessible there either.
It is essential to keep a secure copy of the two-factor recovery keys provided by any service that you've entered into the Google Authenticator. More details are available here.
An alternative to the Google Authenticator is Authy, which syncs across devices.