Security - 2-Factor Authentication
Two-Factor Authentication (2-FA) is a login security mechanism that adds an extra layer of protection to your online accounts by requiring two different types of verification before granting access. This enhances security so that even if someone gains access to your password, they won't be able to log in without the second, physical factor of authentication, eg. Mobile device. Here's a basic guide to setting up and using 2-FA:
1. Choose an Authenticator App on your device:
Select a reputable 2-FA authenticator app from your device's app store. Some popular options include Microsoft Authenticator or Google Authenticator.
2. Enable 2-FA on the account you want secured:
Log in to the online account you want to secure. Look for the security or account settings, where you should find an option to enable 2-FA. This is often labelled as "Two-Factor Authentication," "Two-Step Verification," or something similar.
3. Scan the QR Code:
After selecting 2-FA, the website or app will likely provide a QR code. Open your chosen authenticator app on your mobile device and use its camera to scan the code. This will set up the account within the app.
4. Save Backup Codes (Optional but highly recommended):
Some services provide backup codes. These are one-time-use codes that you can use to log in if you can't access your authenticator app. Store these codes in a safe place, preferably offline. They're a crucial backup if you lose your device.
5. Enter the Verification Code:
Once you've scanned the QR code, the authenticator app will generate a time-based verification code for that account. This code changes every 30 seconds. Enter this code into the account's 2-FA setup page to verify and complete the setup.
6. Verify the Setup:
After entering the verification code, the website or app will often ask you to confirm that 2-FA is working correctly. This usually involves entering another verification code generated by the authenticator app.
7. Test the Setup:
Log out of your account and try logging back in. When prompted for your password, you'll also need to enter the current verification code from your authenticator app.
8. Use 2-FA for Account Access:
From now on, whenever you log in to your account, you'll need to provide both your password and the current verification code from your authenticator app.
9. Managing Multiple Accounts:
If you have multiple accounts using 2-FA, your authenticator app will list them. Each account will have a unique verification code that refreshes every 30 seconds.
10. Lost or New Device:
If you lose your device or get a new one, you'll need to set up 2-FA again on the new device. This typically involves scanning the QR codes again or using backup codes.
Note: Remember that 2-FA significantly enhances your account security, but it's not entirely fool proof. Make sure to always use strong, unique passwords for your accounts, and consider using a password manager to keep track of them. Also, be cautious of phishing attempts that might try to trick you into revealing your verification codes.
2FA via Text / SMS
Although Text / SMS is often offered as a 2FA option, it has been breached enough times to be no longer considered sufficiently secure. Our advice is to use a leading authenticator app.
Multi-factor authentication takes two-factor authentication one step further by requiring multiple factors for account access. This could include something like a combination of biometric data like fingerprints or facial recognition plus a code sent via text message or email address. The advantage of MFA over 2FA is that it requires more than just one factor for authentication which makes it much harder for someone to gain access even if they have managed to get hold of all the information required for 2FA.