Why Two-Factor Authentication is Worth the Effort
Yesterday afternoon, Twitter announced that a bug in their systems left passwords for all of their 336 million users unmasked in an internal company log file. The bug is now fixed, and there is no evidence of a breach or unauthorized use, but this is a great reminder of how our passwords can be easily exposed. All Twitter users should immediately change their passwords.
As part of our previously recommended cyber-attack prevention tips, we’d like to highlight how Two-Factor Authentication can protect you from even the most serious breaches.
What is Two-Factor Authentication (2FA)?
Also called Multi-Factor Authentication (MFA) in some services, 2FA requires an additional step to log into an account. This typically means you must input an additional code received via text message or a mobile app. When enabled, a user of a compromised password cannot access your account without also having possession of your mobile device and these secondary credentials.
This does require extra effort when logging in, but with 2FA turned on, an exposed password is worthless to anyone that cannot also access your mobile phone or tablet.
How do I use 2FA?
Using Twitter’s website as an example:
- Click your profile image and select “Settings and privacy”
- From the “Account” page you will see this section:
- After clicking this button, you will be able to select from several options on this screen:
- You may choose to use text messages, a mobile security app, or both to secure your account.
All of your favorite web services should offer this type of additional login protection and it should at least be enabled on your most sensitive accounts like email, banking, and social media.
EVAN Your IT Guy is more than just a great source of technology information; we have EVANs waiting to meet your IT needs right now.