|Cybersecurity - Stay safe on the Internet!|
By Virtual Ability Member Orange Planer
What is it?Two-factor authentication (2FA) is a method of better protecting your assets. Assets could be money, property, information, stock certificates, etc. The idea is to use two ways of verifying who you are before you can gain access to those assets. For example, if you buy something at the store with a personal check, the value written on the check is the asset. The first method of verifying your identity is your signature, which you put on the check. The store clerk will request your picture identification, such as a driver’s license. The license has not only your signature (method one) but also your picture (method two) to make sure who is presenting the check and the picture on the license match.
There are three types of authentication you can offer to identify yourself to someone:
- Something you have: the check mentioned above, a credit card, your computer, or something else;
- Something you know: the PIN to your debit card, answer to a security question, a password, or something else;
- Something you are – that is, something physical about you (a “biometric”): a fingerprint, retina pattern, face, or voice.
How does 2FA work on a computer?Perhaps you are trying to log on to a website or application. First you indicate with a username what you are trying to access – information in your account or access to your online game. Now you enter your password – something you know. With 2FA, we need a second way to identify yourself to the keeper of the information.
The most popular ways to do that are by receiving a text message on your smartphone (SMS) or using an authentication app on your smartphone. Popular phone apps are Google Authenticator, Microsoft Authenticator, Authy, and DuoMobile. All of these are available at both the Google Play Store and Apple’s App Store.
Which is more secure, text messaging (SMS) or an app?Text messages are tied to your cell phone number. They can be intercepted through the cell phone network which can be hacked. Your phone could be infected with malware that sends information to a hacker. Your phone number could be hijacked by a hacker, who convinces your cell provider to transfer your phone number to another device. Some people synchronize their text messages with their computer (maybe with the Microsoft Your Phone application). If someone steals your computer and manages to log on to your account, they can steal your text messages. Lastly, if you cannot access your cell phone or if you lose cell service for any reason, you cannot access the text messages.
An authentication app uses Wi-Fi data and is extremely low bandwidth (does not use much of your monthly data allocation). This means the codes are not transmitted over your cell carrier and even if a hacker manages to transfer your cell number to another device, the codes stay with the app. If you lose cell service you can connect the phone to your secure Wi-Fi and the app will still work. Hands down, an authentication app is more secure.