Two Factor Authentication (2FA) for Ordinary Users
Computer users have gotten used to using user names, passwords, and pins to secure their data. They may not be thinking of it in terms like “securing my data,” but they don’t want snoopy people in their phones, tablets, or computers.
How Hackers Work
Unfortunately, many people have passwords or pins that may be easily guessed. Partially due to the way hacking is portrayed in movies, people have the idea that some super-genius nerd sits down at the computer and breaks into it through something much like magic. As a result, they feel that if someone goes after them, they’re pretty much at the mercy of this magical hacker power.
Real hacking, however, generally works much differently. Oh, it may look much like magic. I’ve shocked people myself by sitting down at their computer and logging in while they were just coming to the realization that I’d need a password. In most cases, however, this was not magical and didn’t require particular genius. In fact, most people I’ve stunned that way have been embarrassed when I point to their password written on a sticky note and attached to the edge of their monitor.
The most common way that you can be attacked uses a knowledge of people. For example, in order to make it easy to remember a password most people use familiar elements: children’s names, birthdates, anniversaries, ages, and so forth. Hackers find this information from your social media, or they simply use familiar numbers and names in combination.
Brute Force
Just as frequently, however, they simply use brute force methods. This means that the shorter and less complex your password is, the easier it is to find randomly. You may think this sounds like a fairly hopeless activity, but with a network of already hacked machines working, hackers have a good chance of breaking into a few machines.
Someone Else Gets Hacked
You’re at risk with simple passwords or sequential pins. You’re also at risk when a company to which you have provided information is hacked. There has been a lot of news about this sort of thing over the last couple of years. What many people don’t know is that many of your accounts can become vulnerable when your information is stolen from one company.
If you use the same password (or very similar passwords) on multiple accounts, then your other accounts may be vulnerable. They may also be vulnerable if you provided information such as your zip code, social security number, or family data to the company that was later hacked. This information can be used by a hacker to try to access other accounts.
If you had data in a company that was hacked, be sure to change not only that password, but also the passwords on any account that might be related to the one that was hacked. That’s a lot of work.
Security and Convenience
Now let me provide a caveat: Security and convenience conflict. Making your password more complex will make it harder to remember. I have so many passwords I have to use a secure storage medium (encrypted and protected by biometrics) to track them.
Two Factor Authentication (2FA)
So what does all this have to do with two factor authentication (2FA)? Well, 2FA is the hacker’s enemy, and your friend. Provided, of course, you’re willing to take the time. Because I have a web server, amongst other things, I am definitely willing to take the time.
While 2FA can be inconvenient, it’s not that difficult. Essentially, you find a second way to check when you enter your password or pin. Google will text a number to your phone, or will simply provide you a yes/no question to click on your phone. In order to access your account, a hacker would have to have your phone as well as your password.
You can picture the hacker with his automated software pounding away at some web site, and suddenly it signals that he’s in. But when he gets there instead of the control panel of your web site, he has a box requesting an authentication code. I like the idea of disappointing a hacker in that way.
Making It Easier
There are several ways you can make 2FA easier. One is to put the 2FA on your Google account, using the verification message (a yes/no prompt) to provide the authentication. Google adds some additional convenience by allowing you to set trusted devices so you don’t have to continually authenticate on your own computer. But beware: You want to keep that device secure. If you make your laptop a trusted device and then don’t have a password or pin to log on, and then that laptop is stolen, all your accounts are vulnerable.
Once you have that Google account set up (and Facebook and a number of other services have this option), you can then set up many of your other accounts to use that login, rather than having a separate one. But–you guessed it–there’s another beware here. Major companies have been hacked. If your credentials are hacked, and you’ve set up access with dozens of other services using those credentials, all your accounts become vulnerable at once.
I recommend using 2FA. I know it’s annoying. You really don’t want to remember passwords, and 2FA is even more inconvenient. But you’ll be much more than inconvenienced if a hacker gets into your accounts.
In fact, you can be a bit less tense about passwords if you use 2FA. I’ve heard of some IT people who eliminate passwords and use just the second factor, but I don’t recommend it. In fact, most accounts won’t leave this option open to you.
I personally use strong passwords combined with 2FA and only in rare cases do I use a single account as credentials for multiple services.
Use Two Devices
From experience I want to recommend one thing: If you use 2FA with the Google Authenticator, it’s very easy to set up two authentication devices. This saved my life (well, nearly!) when my phone broke and the parts were out of stock. I was able to get authentications from my tablet. Adding authentication with the Google Authenticator app will let you set up two devices at the same time.
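How the authenticator-app second factor and the two-device setup described above fit together, as an added example that is not part of the original post: authenticator apps such as Google Authenticator compute time-based one-time codes (TOTP, RFC 6238) from a secret shared with the site, so two devices enrolled with the same secret show the same code, and a login needs that code as well as the password. The account record, password, salt and function names are constructed for illustration; the secret is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, the code type authenticator apps display."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)      # 30-second time step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, unix_time, window=1, step=30):
    """Accept the current step and +/- `window` steps to tolerate clock drift."""
    for drift in range(-window, window + 1):
        t = unix_time + drift * step
        if t >= 0 and hmac.compare_digest(totp(secret_b32, t, step), submitted):
            return True
    return False

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(account, password, code, unix_time):
    """Both factors must pass; a guessed or stolen password alone is rejected."""
    if not hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"]):
        return False
    return verify_totp(account["totp_secret"], code, unix_time)

# Constructed sample data: the published RFC 6238 test key, base32-encoded.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SALT = b"constructed-salt"
ACCOUNT = {"salt": SALT, "pw_hash": hash_password("correct horse", SALT),
           "totp_secret": SECRET}

def demo(now=59):
    phone = totp(SECRET, now)        # device 1, enrolled with SECRET
    tablet = totp(SECRET, now - 14)  # device 2, same SECRET, clock slightly behind
    return {
        "same_code_on_both_devices": phone == tablet,
        "password_and_tablet_code": login(ACCOUNT, "correct horse", tablet, now),
        "password_only": login(ACCOUNT, "correct horse", "000000", now),
        "code_only": login(ACCOUNT, "wrong guess", phone, now),
    }

if __name__ == "__main__":
    print(demo())
```

Because every enrolled device holds the same secret, each one deserves the same care as the trusted laptop mentioned earlier: a lost tablet is a lost second factor.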
Be Secure
Just as we’ve learned over the years to lock our doors and our cars and to put our money in more secure places (well, some of us have!), so we need to learn to work with our data more effectively. Some inconvenience now will save you later!