2FA is a real thing. Passwords are fragile walls between unauthorized hackers and your accounts. Protecting the digital wallets that hold our hard-earned dollars is a keen concern in the 21st century. Among the protective measures available, 2FA is the most famous yet effective defense.
Two-factor authentication, usually shortened to 2FA, is a secure login that requires a second, “separate” factor beyond the password (a second piece of information). This independent piece of information is a code (which expires in a few minutes) delivered by a device that is under your control, say, your mobile phone. It does not have to be an SMS-generated code; it could be biometric, such as a fingerprint.
Please note that you might have heard interchangeable terms such as multi-factor authentication or two-step verification, but this guide focuses only on 2FA.
In the modern world of cyber attacks, password breaches happen frequently and on a large scale, and your precious information is sold for a few bucks and traded on dark web markets (or hacker forums).
The motives of hackers could ideally be:
Email accounts are the most valuable. Why? Because your email is the second source for recovering your (potential) accounts. Here’s how the mechanics work when your account falls to a hijacking:
These regular phish-y emails disrupt email services, which is where enabling 2FA is useful (especially for email). Check whether your favorite service is listed on Twofactorauth.org, where you can follow the handy instructions to turn on 2FA.
This is one of the painless methods, but it is only as trustworthy as your network. It is useless when you travel around the globe or wherever there are network issues. When you log in to your account, you receive a “ping” on your device containing a treasure: a confirmation code that expires if it remains unused. Enter the code when you are prompted while logging in.
Illustration – A hacker convinced Verizon to redirect the phone messages of DeRay Mckesson, the BLM activist, to a new SIM card on a remote device. Relying on SMS-based 2FA made the interception easy.
Did you notice that guessing a password is much more of a pain than defeating SMS-based 2FA? Instead of going after your physical device, hackers look for remote ways to steal your number. How? Tricking people is easy. If you are wondering how a SIM swap works, here is a guide: https://www.efani.com/blog/everything-about-sim-swap/
To turn on 2FA for Gmail, click the account icon in the top right corner, which gives you the option to open My Account. Then click Sign-in & security and, once you are signed in to your Google account, click two-step verification to get started.
Punch in your seven-digit number once your device has been registered. You have the option not to use your number, as you can remove it later. To confirm, enter the code sent to your device. Now you can use SMS-based 2FA.
Unsurprisingly, the most popular method is the least secure. Wait a minute – what? Trust me, the juicy details won’t end here. SMS-based 2FA has too many vulnerabilities, which is why SMS 2FA is being deprecated.
If you lose your device and your precious SMS-based 2FA lives on it, you have lost it all, especially if you do not have 2FA recovery codes, correct?
Indeed, therein lies the rub.
People can obtain these valuable short-lived codes in numerous ways (as listed in the next segment). SIM cloning lets hackers obtain not your smartphone but your valuable connections and money (by subverting SMS 2FA on crypto accounts) and, even worse, material for blackmail. SS7 protocol interception makes things easier still for a hacker, who can make off with everything in a few seconds and hack YOU.
Privacy is precious. There are many options, such as Authy, Duo Mobile and Google Authenticator, that generate temporary codes. This is where multifactor authentication helps: multiple authenticators can be attached to your web services. These apps also work without a network connection, and unlike SMS-based solutions their codes cannot be easily intercepted.
To activate an authenticator app, first download the one you prefer: Authy, Google Authenticator or Duo Mobile. On the 2-step verification page, scroll down to the authenticator app entry and click Set up. To register a new service, scan the barcode displayed on your screen.
This doesn’t mean that multifactor authentication is an absolute answer: these codes can still be entered into phony websites set up to steal your login details. We need to think ahead.
These are efficient USB-based devices (physical options to attach to your device) used for account authentication. The most successful and popular (yet cheaper) one is the YubiKey, giving you a sense of security for 20 bucks only. To set up a YubiKey, first purchase one, then scroll down to security keys, where you will see an option to add a security key. You can rename your newly registered device; physically insert the YubiKey and tap it when prompted.
NOTE – Type-C YubiKeys, which are used with MacBooks from 2016 and beyond, are a little expensive. If you have USB 2.0 or 3.0 ports, you have the option to use security keys with a Type-C USB adapter.
This is easy: you just attach or insert the security key into the trusted device instead of typing codes. Their resistance to phishing attacks makes them popular with everyone. The problem is that you will want to use YubiKeys for everything, but they cannot be used everywhere. They are used to log in to Dropbox, Facebook, Google, and other major browsers.
If, on a bad day, you lose your authenticator app or security key, you have the option to use backup codes. Scroll down to backup (numeric) codes and click Set up. Keep these valuable codes safe.
You can also use a password generator for your accounts and, as a second step, secure your device as well.
Everything revolves around SIM swapping: every second, 3 Americans like you become victims of cyber-criminals from across the world. Criminals are trading your personal information such as where you live, who you live or work with, your call and SMS records, and your family and relatives' information. All of this is sold for as little as 20 cents. Criminals use your personal information to steal your number and get into your accounts to drain your finances, disrupt your business and destroy your reputation. We guarantee you protection against these criminals and back it with a $5M Insurance Policy. Our proprietary technology provides 11 layers of client-side integrity, privacy, and authentication.