Over the past years, many online services have begun to offer two-factor authentication. It is an extra security measure that often requires a code obtained from an application, or an SMS message, in addition to a password to access the service.
For PC users, who are already tired of having to memorize a dozen passwords, this seems to be the last thing they need, but the double factor of authentication can be the difference between falling victim to a cybercriminal and staying protected.
Twitter, Google, LinkedIn, and Dropbox, among other services, already offer this feature as optional security for accounts. Both Twitter and LinkedIn added the system after attacks that reached public character, and other sites such as Evernote have also implemented it in the last year.
Systems vary but usually involve an automatic SMS message or an application that generates passcodes. After entering your password, the system will ask for the passcode, and in some systems, an application (separate from a web browser) is used to enter the code.
What is a Two-Factor Authentication System?
Two-factor authentication systems are much more secure than passwords. Many attacks that achieved public notoriety, such as those perpetrated against media company accounts on Twitter last year, would not have occurred if there had been a two-factor system in place. Even if an attacker manages to infect a computer and steals a password, access cannot be achieved since they do not have the access code.
But it’s important to remember that there are no magic bullets: two-factor systems are better than passwords alone and simpler than biometric measures (such as fingerprints or facial recognition), but attackers may eventually find a way to breach them.
What the system guarantees is that attackers will have to work harder. For example, in a recent attack on World of Warcraft, cybercriminals created a replica of the website on which malware was downloaded. This shows that the work required for an attacker is much higher, and that’s good news.
How do I Enable it?
Many websites, including Twitter, Gmail, and Dropbox, offer two-factor system for free, though they must be activated by the users themselves. To know how to activate them, we invite you to read our quick guide on how to set up 2-factor authentication on your social media accounts.
It is worth implementing these systems if you want to keep your information safe in those services, and it becomes imperative to apply them if you store work information in any of those accounts. The two-factor authentication makes it more difficult, though not impossible, for third parties to access services like Twitter and Dropbox. As mentioned before, currently the system is optional, so it is the task of each user to activate them manually.
Should I Enable it on all Websites I Login?
The answer is simple: no. Ideally, you should use two-factor authentication for your most valuable accounts, which are the ones you can’t risk being compromised. Most Internet users have access to dozens and even a hundred sites, but not all of them have the same importance, such as a “disposable” e-mail account that was created to access a site that you are going to visit only once.
Therefore, the implementation of two-factor authentication should be developed on sites that you visit frequently, and that contain valuable information.
Is it Foolproof?
It’s not foolproof, but it’s an extra layer of protection that makes you a harder target for attackers. There is malware, such as Hesperbot, that was created to circumvent these types of systems, by tricking users into downloading a fake application instead of the real one. But in most situations, two-factor systems offer a valuable additional layer of protection for end-users and companies.
What are the Benefits?
Yes. Particularly in Dropbox, many families store large amounts of valuable information and don’t use the two-factor authentication option. It’s there, use it. If you use Facebook, Twitter, and LinkedIn for your work, it is also worth considering the possibility of implementing it, since if you are attacked, your reputation can be damaged.
We hope that this article can convince you to enable two-factor authentication at least for your social media accounts as your personal privacy and security are the most important thing when using any app.