Q. I’ve read a lot about two-factor authentication. What is it, do I need it, and what apps will help me get it?
Two-factor authentication (2FA) means that you prove who you are with a second element, in addition to your password, when accessing an online account that supports this feature. For many people, that second factor is their smartphone. The most widely used 2FA process involves sending a code via text message to your mobile phone, which you then enter into the website you are trying to access. Some systems also use email to deliver codes for the same purpose.
The concept behind this process is that you have already confirmed that you own that smartphone when you provided the phone number to the site via your profile or other 2FA settings. (At that time, you were likely sent a code or link to validate that you have that phone in your possession.)
So here’s what happens when you try to access that website after setting up 2FA:
- You provide your username and password.
- You are sent a code, via text or email depending on the option you selected when setting up 2FA.
- You enter that code into the website to validate that you are the rightful account owner.
- You get access to your account.
While this is better than just depending on a single password, it is not the most secure method of providing a second factor of authentication. Text messages and emails are sent in plain text (in other words, unencrypted) and therefore could be intercepted along the way and possibly used to gain unauthorized access to an account.
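The four-step login flow above, seen from the website's side, as an added example (not code from any particular site). The sample account, the five-minute expiry, the three-guess limit and the `OUTBOX` list standing in for the text/email gateway are all assumptions; the point is that a site can limit the damage of an intercepted code by making it short-lived and single-use.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: codes expire after 5 minutes
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed per code

# Constructed sample account; a real site stores a slow, salted password hash.
USERS = {"alice": {"pw_sha256": hashlib.sha256(b"correct horse").hexdigest(),
                   "phone": "+1-555-0100"}}
PENDING = {}        # username -> {"digest", "expires", "attempts"}
OUTBOX = []         # stands in for the SMS/email gateway (assumption)


def _digest(code):
    return hashlib.sha256(code.encode()).digest()


def start_login(username, password, now=None):
    """Steps 1-2: check the password, then send a fresh six-digit code."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    supplied = hashlib.sha256(password.encode()).hexdigest()
    if user is None or not hmac.compare_digest(supplied, user["pw_sha256"]):
        return False
    code = f"{secrets.randbelow(10**6):06d}"   # unpredictable, not random.randint
    PENDING[username] = {"digest": _digest(code), "expires": now + CODE_TTL,
                         "attempts": 0}
    OUTBOX.append((user["phone"], code))
    return True


def finish_login(username, code, now=None):
    """Steps 3-4: accept the code once, before expiry, within the guess limit."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del PENDING[username]               # expired or locked out: start over
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(_digest(code), entry["digest"]):
        del PENDING[username]               # single use: a replayed code fails
        return True
    return False
```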