{"id":4,"date":"2016-09-02T09:33:03","date_gmt":"2016-09-02T09:33:03","guid":{"rendered":"http:\/\/scaine.net\/kb\/?p=4"},"modified":"2017-03-04T12:37:01","modified_gmt":"2017-03-04T12:37:01","slug":"two-factor-authentication","status":"publish","type":"post","link":"http:\/\/scaine.net\/kb\/the-internet\/two-factor-authentication\/","title":{"rendered":"Two Factor Authentication"},"content":{"rendered":"

What is it?<\/h2>\n

Two Factor Authentication (often called 2FA) refers to supplementing your password with another means of confirming that you are who you say you are.<\/p>\n

On services that use Two Factor Authentication, you’ll be asked for your username, password and a token. The token\u00a0must be generated by something unrelated to the service you’re accessing. Modern 2FA is usually handled by an app on your phone.<\/p>\n

Why use it?<\/h2>\n

It\u2019s extremely strong authentication, since an attacker not only has to establish your ID and password, but also steal your mobile phone, AND have a way to access it (since it will be fingerprint or PIN protected). Very unlikely!<\/p>\n

It\u2019s also reasonably convenient. Most websites will allow you to \u201ctrust\u201d the device which you are logging in from, thereby bypassing the 2FA requirement on subsequent logins, sometimes\u00a0for up to three months, depending on the service.<\/p>\n

Options<\/h2>\n

The most popular method to get 2FA\u00a0is Google\u2019s Authenticator app. Download it for iOS<\/a><\/u><\/span> and Android<\/a><\/u><\/span>.<\/p>\n

\"Google-Authenticator-icon\"<\/a>Some websites, such as Twitter, will use their own mechanism, usually based on you giving the site a valid mobile number and then they\u2019ll send you the second factor via a text message. While the end result is similar to Google Authenticator, this method has two disadvantages:<\/p>\n

    \n
  1. \n

    You have to give the site in question your mobile number. This may not be desirable.<\/p>\n<\/li>\n

  2. \n

    You have to have a useful mobile signal to receive the text. Depending on where you are, this could be an issue.<\/p>\n<\/li>\n<\/ol>\n

    Where can we use it?<\/h2>\n

    Many key sites now support 2FA. At the absolute minimum, you should apply 2FA to your email account, whether that\u2019s Gmail, Yahoo or Outlook (Hotmail), since if hackers gain access to this, they can use it to reset the password on any of your other accounts, simply by clicking on the \u201cforgot password\u201d link!<\/p>\n

    Here are some other sites you should consider for 2FA:<\/p>\n\n\n\n\n<\/colgroup>\n\n\n\n\n
    \u00a0\"Dropbox-Logo\"<\/td>\n\u00a0\"evernote-logo\"<\/td>\n\u00a0\"paypal_logo\"<\/td>\n<\/tr>\n
    \u00a0\"lastpass\"<\/td>\n\u00a0\"icloud-logo\"<\/td>\n\u00a0\"facebook-logo\"<\/td>\n<\/tr>\n
    \"twitter-logo\"<\/td>\n\u00a0\"ebay-logo\"<\/td>\n\u00a0\"xbox-live-logo\"<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

    And for an extensive and searchable list, use this excellent resource: https:\/\/twofactorauth.org\/<\/a><\/u><\/span><\/p>\n

    In summary \u2013 if there\u2019s an option to use 2FA, use it!<\/p>\n","protected":false},"excerpt":{"rendered":"

    What is it? Two Factor Authentication (often called 2FA) refers to supplementing your password with another means of confirming that you are who you say you are. On services that use Two Factor Authentication, you’ll be asked for your username, password and a token. The token\u00a0must be generated by something unrelated to the service you’re […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_expiration-date-status":"saved","_expiration-date":0,"_expiration-date-type":"","_expiration-date-categories":[],"_expiration-date-options":[]},"categories":[3],"tags":[7,6,8],"_links":{"self":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts\/4"}],"collection":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/comments?post=4"}],"version-history":[{"count":7,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts\/4\/revisions"}],"predecessor-version":[{"id":109,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/posts\/4\/revisions\/109"}],"wp:attachment":[{"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/media?parent=4"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/categories?post=4"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/scaine.net\/kb\/wp-json\/wp\/v2\/tags?post=4"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}