Two-factor authentication (TFA) may seem complex, but it’s actually a simple way to make your accounts secure from all but the most persistent attackers. TFA is just what it sounds like: instead of just a password paired with your username, you must provide a second component obtained by immediate physical access. The key to TFA is that it requires something you know (your password), and something you have (token, fingerprint, etc.). This ensures that even if your password gets compromised, an attacker doesn’t have the second necessary item to gain access.
TFA comes in a few common forms, including a USB thumb drive or cellphone app that uses an algorithm to generate a one-time passcode which changes every few minutes, or (recently becoming more available) biometrics such as fingerprint recognition.
Why should you use TFA? Simply put, it’s reasonably easy for an attacker to get someone’s password or steal a cellphone, but it is very unlikely that an attacker would be able to obtain both from the same potential victim. TFA is an extremely important security tool, and should be required for your email account and password manager, because they are the proverbial keys-to-the-castle of your online world.
Some banks are implementing a ‘security image’ which may seem like TFA. However, the security image is there to help you identify a malicious website redirecting your browser, rather than to protect your account from unauthorized access, and is not a suitable replacement for TFA.
Google Authenticator, YubiKey, your fingerprints or SMS-based tokens are all great options to help you keep your online presence safe, and enabling these features is usually inexpensive or free. If you haven’t already, please take a look at your important accounts to see if TFA is an option.