What is two-step authentication?
It is very unpleasant to imagine, even for a moment, a situation in which an outsider gains access to your personal account on a PC. After all, in this case, the attacker can:
- view personal correspondence;
- copy photos intended only for a narrow circle of people;
- contact friends on your behalf to ask them for money or send them malware;
- reset passwords to take over your accounts in social networks or services you have paid for;
- finally, get access to bank cards.
As a result, the attacker can not only deprive you of funds but also discredit you in the eyes of friends or colleagues. To prevent this, protect your accounts with two-step or two-factor authentication. Let’s look at their types and the differences between them.
How two-step authentication works
Two-factor authentication is a two-step process for protecting your accounts: entering a password and then verifying the login with an additional method, device or app.
Two-step authentication works as follows: after the password has been entered successfully, the system offers to proceed to the next confirmation step.
Note. Some users and even developers equate two-step and two-factor authentication. However, there are significant differences between them.
- The stages, or steps, of two-step authentication can use the same factor, such as entering a password. In multi-factor authentication, the factors are different. Read more about the factors in the article “Two-factor authentication”.
- Unlike two-factor authentication (2FA), two-step authentication (2SV) activates the next step only if the first step is completed successfully. That is, two-step authentication is much weaker than two-factor authentication, where the attacker cannot be sure that one of the steps was completed successfully. However, if the second stage is chosen correctly, the 2SV method can be quite reliable. For enhanced protection, we still recommend enabling 2FA on every service that supports it.
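The difference described in the note above, shown as an added example (it is not code from the original article): a step-by-step login whose reply confirms the password, next to a combined check that gives one reply for any failure. The account data, function names and the use of an RFC 6238 one-time code as the second step are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

SALT = b"constructed-salt"  # constructed sample value

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def totp(key: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code per RFC 6238 (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now // step))
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

# Constructed account store: one user whose second step is a one-time code.
USERS = {"alice": {"pw": pw_hash("correct horse"), "key": b"12345678901234567890"}}
DUMMY = {"pw": pw_hash("no such user"), "key": b"\x00" * 20}

def password_ok(user: str, password: str) -> bool:
    record = USERS.get(user, DUMMY)  # unknown users cost the same work
    match = hmac.compare_digest(record["pw"], pw_hash(password))
    return match and user in USERS

def code_ok(user: str, code: str, now: float) -> bool:
    record = USERS.get(user, DUMMY)
    match = hmac.compare_digest(totp(record["key"], now).encode(), code.encode())
    return match and user in USERS

def two_step_password(user: str, password: str) -> str:
    """2SV, step one: the code prompt appears only after a correct password,
    so the reply itself tells the sender whether the password was right."""
    return "code_required" if password_ok(user, password) else "denied"

def combined_login(user: str, password: str, code: str, now: float) -> str:
    """Both checks always run and every failure gets the same reply, so a
    wrong password and a wrong code look identical to the sender."""
    pw, otp = password_ok(user, password), code_ok(user, code, now)
    return "granted" if pw and otp else "denied"
```

A production service would also rate-limit attempts and reject codes that were already used; both are left out here.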
What are the ways to confirm the second stage
The best-known two-step authentication methods today are collected in the following list:
- SMS password.
- Voice call to phone.
- Phone confirmation.
- Mobile applications that generate one-time codes.
- Tokens or hardware security keys.
Let’s consider how they work, their pros and cons.
SMS password
The principle of operation of this protection is simple: after entering the login and password, the service offers to enter a code from SMS, which is sent to the number registered in the account. Today, SMS is the least effective means of verification due to the development of social engineering.
What to do if I do not receive an SMS when connecting two-step authentication? This is usually a technical problem that can be solved in the following ways:
- make sure that you entered the phone number and the code correctly;
- you may need to remove the spaces between the digits or, conversely, add them (check the required number format in the instructions);
- check that you have not put your iPhone in flight mode;
- clear the phone’s memory: sometimes SMS messages are not received because the limit on the number of stored messages has been reached;
- try restarting the device (this helps in many cases);
- check that the SIM card works properly (old cards sometimes still accept calls but not SMS) and replace it if necessary.
A call to the phone
This method is often used by banking services to confirm transactions. They operate according to the following principle:
- The user receives a voice message with instructions, for example, to enter a few digits from the incoming number.
- Or you may be asked to confirm the transaction by pressing a number during the call.
The reliability of this method is conditional, for the reason indicated in the previous block.
Phone confirmation
In this case, the user will need a smartphone that supports the latest versions of Android (the pop-up window feature) or an iPhone 5S (seventh generation) if you want to enable two-step authentication on Apple. Unlike codes, the messages in this case appear in a pop-up window, where you perform an action by following the prompts. You will also need Bluetooth turned on: the services use it to determine how far the phone is from the computer where you are signing in. Turn it on when the service prompts you to.
Mobile applications that generate one-time codes
Each service that supports this method of two-step authentication usually offers the user a list of supported applications. The most popular of them are:
- Google Authenticator;
- Microsoft Authenticator;
- Duo Mobile.
Some services also support applications of their own.
Tokens or hardware USB security keys
This is one of the newest and most reliable tools available today, suitable for both two-step and multi-factor authentication. In essence, the key is an identity card, so it can be used with or instead of a password. Using such a key is very simple: insert it into a USB socket or connect it to the device via NFC, then touch the key. Hardware keys work by generating private keys (or an electronic signature) directly on the device and transmitting only the public part to services that request a password after user authorization.
Decrypting the private key is extremely difficult: hackers would need the physical key itself, time and expensive equipment. If the key disappears, the owner will have time to reset the passwords and the protection, so hardware keys remain the most reliable way to protect accounts today.
The best tokens are the YubiKey keys from Yubico – they can generate one-time passwords and support asymmetric encryption. This is the choice of such large companies as Google and Facebook, which use security keys to protect the accounts of their employees. In addition, these tools are already supported by thousands of services.
How to enable two-step authentication on different services
Let’s look at how to enable two-step authentication on the most popular services. If the app you’re using isn’t on the list, try to find a way to enable two-factor authentication using the instructions below, or contact the service’s support.
Two-step authentication in Google services
Google services are the most popular in the world; they include the search engine, the translator, cloud storage (Google Drive) and YouTube. Gmail is less popular, but without registering in it, access to some services is limited. Two-step authentication is also available for Gmail: it is enabled automatically through the Google account settings, so users can be sure that hackers will not gain access to their other accounts by resetting a password via mail.
Google itself recommends two-step authentication to protect your account, both during registration and when you sign in on new devices. Its current instructions offer the following options:
- one-time password in a text message;
- the password in the voice message during the call;
- confirmation using a smartphone;
- password generated in applications;
- YubiKey USB security keys.
To enable two-factor authentication, either follow the provided prompts during registration, or if you choose to do so later, log in and find the “Security” tab in the left panel of your account.
Next, in the “Sign in to a Google Account” section, select the “Two-step authentication” section and click “Get Started”. Now you can choose the most convenient authentication method for you and use it by following the prompts on the screen.
As for YouTube and other popular Google applications, two-step authentication is applied to them automatically when you enable it in your Google account.
Two-step authentication in Telegram
Telegram is considered one of the most secure messengers. After a failure in the Facebook social network, 70 million users joined it in a short time. However, the protection of Telegram accounts themselves is not very reliable, because it relies on SMS login confirmation on new devices. It is therefore recommended to add an additional layer of protection. Telegram supports another password as a second step.
To enable two-step authentication in Telegram, go to “Privacy” -> “Two-step authentication”. You will be prompted to enter a password and confirm it. Then add an active email address and confirm it with the code you receive. After that, you will see that the password has been set successfully.
We recommend that you change this password from time to time and also protect, with the help of YubiKeys, the mailbox through which a forgotten password can be recovered (provided, of course, that you use Gmail as your mail service).
Also, just in case, hide your Telegram number from view so that attackers cannot find out which number the account is registered to, intercept SMS or forge a SIM card.
Two-step authentication on Binance
Binance is the world’s leading digital asset trading exchange. On this platform, you can enter into agreements on the purchase and sale of cryptocurrency, engage in investments, charity and much more. Of course, accounts on this platform need reliable protection, so there are several methods of two-step authentication on Binance.
- Its own application that generates one-time codes.
- Phone confirmation.
- Confirmation by mail.
- YubiKey security keys.
The method of connecting two-step authentication here is similar to the previous ones: after authorization in the profile, you need to find the “Security” tab, and then choose the most suitable option for you.
Results
- Two-factor authentication protects an account more securely than a password alone.
- Services offer different ways to protect accounts; these can be found in your profile settings, usually under the “Security” section.
- The most reliable way of protection is YubiKey hardware keys.
If you want to know more about YubiKey keys, go to the page with their description or contact our managers!