
Logging in has been a critical part of owning an account since the birth of the internet. Most people do it multiple times daily, many without thinking about it. From our banking information to personal details, logins, notably passwords, are the lock and key to important and sensitive information that many online accounts hold for us.
Unfortunately, only having a password to protect such data is no longer good enough. Cybercriminals have developed many ways to find and use our passwords for their own gain. Stolen login combinations are easily bought and sold online by hackers. Tools exist which allow attackers to conduct thousands of automated logins with a single mouse click. Thankfully, there is protection against attacks like these.

What is Two-Factor Authentication?

Two-Factor Authentication (2FA), also called Multi-Factor Authentication (MFA) or Two-Step Verification, is a method of authentication that adds a second step to confirming the identity of a user.

Instead of just providing a standalone password, you would also give a second form of authorisation to prove that it is you logging in. There are multiple ways to give this additional authorisation, such as by providing a code that is sent to you through email or text or by using a trusted app to authorise a login attempt. Organisations can also use work devices as a form of MFA – by only allowing certain services to be accessed by work devices.

An example of 2FA from the DIGI Ken advert series by CyberScotland https://www.cyberscotland.com/digi-ken/

The idea behind 2FA is that an attacker may know your password, but they won’t (or would find it very difficult to) know a randomly generated code or fake an authorisation confirmation.
Using 2FA means that your accounts are protected against the many forms of attacks hackers can execute using only your password. It also protects you should any organisation you hold an account with experience a data breach that leaks your login credentials.
For businesses, having 2FA enabled is a significant step towards protecting employees’ accounts and the data and services they hold. It protects your business should employees use weak passwords or reuse passwords for multiple accounts.

But I have lots of accounts! Which ones should have 2FA enabled?

Knowing where to start with 2FA can be tricky, especially as almost every online service needs an account nowadays! Try thinking about which accounts hold sensitive data and how it would affect you if a stranger accessed that data. Examples of sensitive data may include:

  • Your banking details
  • Your home address
  • Email and phone numbers
  • Personal photos and videos
  • Healthcare information
  • Information relating to someone you are caring for, such as a child or elderly relative
  • Data relating to your business or workplace, especially if it concerns other people

It is also worth thinking about what actions you can take from your accounts – for example, access to your email means that you can change the password to almost every account linked to your email address.

Some important accounts that hold the above information could include your Microsoft, Amazon, email, and even social media accounts.

2FA is not the only security solution

Although 2FA is a great way to protect your online accounts, it should be only one part of your cyber security toolkit! While 2FA does reduce your reliance on passwords, you should still use strong and unique passwords for every account you own.

Additionally, 2FA does not entirely protect you from phishing attacks. Hackers have created tools to steal 2FA tokens from accounts compromised in phishing attacks. Because of this, educating yourself on how to spot a phishing attack is just as crucial as having 2FA enabled!