Why two-factor authentication is so important

Once upon a time, a strong password was enough to keep your data safe. But just as cyber criminals have become more sophisticated, so must we. Here’s why two-factor authentication is essential.

• What is two-factor authentication? It’s a form of login that requires both a password, and a secondary verification on another device.
• How secure is two-factor authentication? With two layers of verification required, it’s much more secure than a password alone — but not infallible.
• What are USB hardware security keys? Just like your car key, these USB devices act as a physical layer of security. They are probably the best form of two-factor authentication.

Security has long been an undervalued asset on the web. We blithely store our most private data online and store it behind a single lock. A cyber criminal only needs to find your email address and guess your password to start dismantling your digital world. That is, unless you enable two-factor authentication, or 2FA.

Here’s a look at the importance of 2FA and how you can enable it.

Two-factor authentication

Keep out the hackers

Over the years, cyber criminals have become better at guessing passwords. If you use common words or too few characters, a rogue agent will almost certainly break in. It’s just a matter of time.

The easiest way to protect yourself is to enable two-factor authentication, or 2FA. This option is available on most major sites nowadays, including Facebook, Google and Twitter.

2FA on Google

With 2FA enabled, you have to verify your identity on a secondary device in order to gain entry to your account. This system is designed to deter would-be hackers.

How to enable 2FA

On most websites, you can enable 2FA under settings. If there is a separate security section, look there.

Two locks are stronger than one

When you enable the option, you will be able to choose how you want to use 2FA. For instance, you can opt to receive an SMS containing a one-time code.

Alternatively, you could install an authentication app such as Authy, or Google Authenticator. These work in a similar vein, but through digital means. In addition, they are less easy for hackers to access than SMS messages.

Authy

The other main option is to use a physical key. When you choose this option, no-one will be able to access your account without having your specific dongle connected.

At present, USB keys are mostly aimed at high-risk targets — politicians, journalists, and so on. However, they can be purchased by anyone and they provide the very best protection currently available.

Here are three USB keys worth buying:

YubiKey 4 USB Authentication Key

YubiKey 4

To verify your identity with YubiKey 4, you simply plug in the device and touch the gold contact. It doesn’t require network access or power, and this stylish device works on macOS, Windows, Linux, and Chrome OS.

Price: $40 USD

YubiKey 4C Nano USB-C Authentication Key

YubiKey 4C Nano

If you need something even smaller, the YubiKey 4C Nano should be your first choice. This tiny USB-C device is designed to live in your computer, with only the smallest protrusion outside the port. It’s also small enough to carry in your wallet, crush resistant, and completely waterproof.

Price: $60 USD

Google Titan Security Key

Google Titan key (Credit: CNET)

This newly released offering from Google offers authentication via Bluetooth, meaning you can use it with your mobile devices. It’s a little larger than some other devices, but it works with all your favorite services.

Price: $50 USD

Enable 2FA today

Even if you use strong passwords, we highly recommend using 2FA. Most cyber criminals won’t even try to hack your account if two-factor authentication is enabled.

Have any other good online security tips? Share them in the comments!