Two-Factor Authentication

What is two-factor authentication? Why we need it? How to do it? This post is for those who has never heard about two-factor authentication.

Why Do I Need to Write This Post?

For information security needs and GDPR regulation, most of the people who work in information security and IT process management jobs have already know why we need it. However, people who does not work in these fields may not know about it, but actually need it.

Even though you realize or not, online banking regulations asks for two-factor authentication. Actually some other systems also do, which you do not know.

The reason why I write this post was, in January 17, 2019 there was a news on 700 million people’s e-mail and password data has been breached. This event actually proved that password by itself does not secure our accounts.

Companies which keep our data are also responsible to protect it. Even though companies are responsible for this protection, personal awareness in information security is a must. Companies provide the tools to us for our data protection, but they are useless unless we use them.

We all do care about the security of our e-mail and social media accounts. Not only we use them for checking our e-mails or posting our photos, but we also use them in e-commerce, education, game websites for creating a profile. If we lose our personal e-mail’s control, we also do lose all our accounts in other websites.

What is Two-Factor Authentication?

Two-factor authentication is a method in which users can access their accounts by using two different evidence. (Source: Wikipedia)

There are three different types of evidence and the user can access their accounts by using at least two of them. These types are listed at the following:

  • Knowledge: An information that you know, such as your password.
  • Possession: An object that you have, such as your mobile phone.
  • Inherence: A biometric data, such as your fingerprint or face recognition.
Two-Factor Authentication
Two-Factor Authentication

If you use two of the three factors, you minimize the chance losing your accounts and avoid the risk of someone do or buy something on your behalf. Because it is quite impossible for some other person both knowing your password and have your mobile phone at the same time.

Examples for two-factor authentication:

  • For online banking, you enter your password (knowledge) and then you enter the one time password delivered to your mobile phone (possession)
  • When you go to the gym, you first show your membership card to the access device (possession) and then put your hand to hand recognition machine (inherence)

There are other examples and combinations like the examples above. The important thing is security is provided by two different factor.

If any system ask us two different passwords while granting access, this method is not called as two-factor authentication. Because you need two different factors. However, using two different password instead of one is still better than using only one password.

How Can I Activate Two-Factor Authentication?

You have just learned what is two-factor authentication and why you need it. However, you may not know how to do it. This part of the post will help you how to activate two-factor authentication for your Google and Facebook Accounts. I am going to share videos for you to understand easily.

Two-Factor Authentication for Google Accounts
Two-Factor Authentication for Facebook Accounts. Note: You will select the country that your phone number is registered to (not Australia if you do not live in Australia)

After you activate two-factor authentication settings, for every new device you use you will receive text message while accessing to your account. In this case, even a person knows your password, you will receive a text message when this person tries to access to your account. In this case, you will be aware of someone knows your password and you will change it. It is strongly recommended to change the password of other accounts, if you use the same password. (Different password usage for each account is highly recommended. Do not use the same password.)

Conclusion

Two-factor authentication is actually quite easy security tool and it is highly recommended.

In addition, there are other methods for protection. Choosing strong passwords (numbers, upper case and lower case letters, special characters) and changing your passwords periodically are again very important and easy methods for protecting your accounts.