Protect Your Online Accounts with Two-Factor Authentication

By Robert Townsend on September 11, 2018

Background:

The majority of people today have many different online accounts: Facebook, Instagram, Twitter, banking accounts, email, etc. Each of these accounts holds information about your personal life, and that information is what hackers look for when figuring out a potential avenue into your private life. Compromised credentials are the leading cause of hacked accounts. “According to Verizon’s 2015 Data Breach Investigations Report, 95% of security incidents involved stealing credentials from customer devices and using them for web applications.” A password by itself leaves an account vulnerable to exploitation. Securing these accounts is something everyone should learn to do to protect themselves, and two-factor authentication is one of the quickest and easiest ways to do it.

Two-factor authentication:

A great and easy way to improve the security of your online accounts is with something called “Two-Factor Authentication” (2FA). What is that? Two-factor authentication is a security feature that requires a second form of authentication to be used along with your password. By requiring something you know – like a username and password – along with something you have – like an app, token, or SMS message – you add an extra layer of protection to your online accounts. Some of the things 2FA protects you from are social engineering, phishing, and brute-force password attacks. The problem with 2FA is that not many people use it or know about it. With just a few clicks within your account settings you can activate two-factor authentication (2FA).

Explanation on how to turn on 2FA on Facebook:

[Image: Two-factor instructions]

Figure 1 – Source: https://www.facebook.com/help/148233965247823

Types of 2FA:

As you can see from the above instructions on how to activate 2FA, there are different types of authenticator methods. Each of them has benefits that may suit your needs.

SMS 2FA:

One of the methods of using two-factor authentication is via SMS. This authentication method is used in conjunction with your cell phone: the web application sends you a text message, normally containing a 6-digit code. This code, paired with your password, allows you to log in to your online account.

[Image: Code generator]

Figure 2 – Source: https://www.grahamcluley.com/protect-facebook-account-2-step-verification-2sv/

Phone Callbacks:

No SMS, no problem. Phone callbacks are another option that many companies use to help their customers secure their online accounts, and they are used when SMS is not available. The number associated with your online account is called, and during the call you are either given a PIN or asked to press a certain key on your phone as the second form of authentication.

Security Hardware Token:

This type of 2FA method is normally a small key fob, for convenience. The hardware device is sent a six-digit one-time password (OTP) which is changed/refreshed every 60 seconds. The example below is known as an RSA SecurID token, which leverages the AES-128 encryption algorithm and is tamper-resistant; this helps prevent reverse-engineering. This method requires client software and drivers.

[Image: RSA token]

Figure 3 – Source: http://www.tokenguard.com/RSA-SecurID-SID700.asp

Security Software Token:

This 2FA option is application-based, which makes it more convenient for some. The way it works is that you download an authenticator app and it generates a six- to eight-digit number. You use this number in conjunction with your username and password. A good example of this authentication type is an app called Google Authenticator.

[Image: Authenticator code]

Figure 4 – Source: https://medium.com/@richb_/easy-two-factor-authentication-2fa-with-google-authenticator-php-108388a1ea23

U2F Device:

U2F (Universal 2nd Factor) is an open authentication method that uses a specialized USB device without the need for client software or drivers. This method was created by Google and is deployed on many large-scale services, including Facebook, Dropbox, GitHub, Gmail, etc.

[Image: FIDO security USB key]

Figure 5 – Source: https://www.yubico.com/product/security-key-by-yubico/

The process is simple: you insert the device into a USB slot on your computer, then authenticate with a simple touch of the button.

Conclusion:

Online accounts need to be protected with more than just a password. Two-factor authentication allows for a defense-in-depth approach by using two different methods of authentication. Requiring your password together with one of the methods above protects you from being hacked with stolen credentials, since the second form of authentication is still required. There are many other types of 2FA methods, but the ones above are well-known approaches that are recommended, along with a strong password.

Sources:

https://www.portalguard.com/two-factor-authentication/best-practices.html

http://www.dlt.com/blog/2017/03/02/best-practices-mfa/

https://safenet.gemalto.com/multi-factor-authentication/strong-authentication-best-practices/

https://guide.duo.com/

https://venturebeat.com/2017/09/24/a-guide-to-common-types-of-two-factor-authentication/

https://www.facebook.com/help/148233965247823

https://duo.com/product/trusted-users/two-factor-authentication

https://www.yubico.com/product/security-key-by-yubico/

http://www.tokenguard.com/RSA-SecurID-SID700.asp

https://medium.com/@richb_/easy-two-factor-authentication-2fa-with-google-authenticator-php-108388a1ea23