What is two-factor authentication?

Two-factor authentication is a name for any login or entry system which requires two different methods of identifying yourself. It’s one of the most recommended security features for online accounts, and for good reason.

Having 2FA in place helps to protect your accounts from password brute-force attacks, social engineering, and phishing – which often pops up in emails – and secures your private logins against attackers who are looking to exploit lost, stolen or weak credentials.

You probably already have 2FA in place for your online banking account, but it can also be put in place for a whole host of other accounts, from email servers to WordPress hosting.

Types of two-factor authentication

Many online services now offer two-factor authentication (2FA) as standard, and there are plenty of different methods to choose from.

1. Generating codes

The most popular method is using an authenticator app to generate codes.

Using this method, once you’ve set up your app of choice (the most popular being Google Authenticator or Authy), you’ll be asked to enter an authentication code after filling in your password. These codes are based on the time, with an algorithm determining their outcome.

Both the website you’re logging into and the authenticator app know what the algorithm is and share a secret that was set up when you enabled 2FA, so each can work out the correct code independently and the website can tell whether you’ve entered it. This also means the method works even if your mobile device is offline.
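How both sides can arrive at the same time-based code with no network connection, as an added example (not code from this article or from any authenticator app). It assumes the standard TOTP scheme from RFC 6238, and the secret is the RFC's published test key standing in for the value a service would hand to the app at setup.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample secret (the RFC 6238 test key), NOT a real account secret.
# A real service generates a random secret per user and shows it as the QR code.
SHARED_SECRET = b"12345678901234567890"
STEP = 30      # seconds each code is valid for (RFC 6238 default)
DIGITS = 6     # code length shown by most authenticator apps


def totp(secret: bytes, at: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the code for the time window containing `at` (Unix seconds)."""
    counter = int(at // step)                        # which window we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: float, drift: int = 1) -> bool:
    """Server side: accept the current window and `drift` windows either side."""
    for w in range(-drift, drift + 1):
        expected = totp(secret, now + w * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(SHARED_SECRET, now)                  # what the app displays, offline
    print("app shows:", code)
    print("accepted now:", verify(SHARED_SECRET, code, now))
    print("accepted 5 minutes later:", verify(SHARED_SECRET, code, now + 300))
```

The `drift` allowance tolerates a slightly wrong phone clock; a larger value makes login more forgiving but lengthens the time a captured code stays usable.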

For older phones, most services also offer an option to text a verification code to a phone when a login attempt is made.

2. Biometrics

Another increasingly widespread option is the use of biometrics, such as fingerprint scanning. Modern smartphones often come equipped with a fingerprint scanner, so requiring a recognised print to be used when logging into a service can reduce unauthorised logins.

3. Physical keys

Physical keys such as YubiKey are another option for the security-conscious. They look like a USB stick, and are plugged into the device being used to log in as a form of authorisation.

When to use two-factor authentication

The short answer: as much as you possibly can! Think of it like this – if you walk into your house and lock the door behind you, why not use the chain, too? It doesn’t take much extra effort, and if somebody manages to pick your lock, they’d still not be able to enter your house.

Ensure that your personal information and accounts are protected from unauthorised access through the use of 2FA.

Is two-factor authentication secure?

2FA relies on you having access to the device you’ve set it up on. It’s an extra layer of security on top of your primary login method – in most cases, a password. It’s the most sure-fire way of preventing access to your accounts in the case that someone gets hold of your password.

Another benefit of two-factor authentication is its convenience. While there could be a foolproof method to prevent unauthorised account access, it’s no use if it’s such a hassle that nobody decides to use it. As most people are likely to have a mobile device on hand when they need to log in to something, it’s no extra effort to enter the 2FA code.

With an authenticator app, the only way an unauthorised user can get into your account is if they have access to the device and the app itself. As the generated codes are time-based, it wouldn’t be enough for them to have a screenshot of the code – they’d need to see the app within the same minute of the password being entered.

Can two-factor authentication be compromised?

If there’s no malware on your device, it’s unlikely that a hacker will be able to get access to your two-factor authentication codes using traditional hacking methods.

How hackers can access your 2FA

The most common way attackers get access to a two-factor authentication method is through social engineering. When the two-factor authentication method involves sending a text to the user’s mobile phone, hackers have been known to call up the user’s phone company and have their mobile number transferred to their own account. This then allows them to receive the texts containing the authorisation code to their own phone.

Another common way that attackers can get hold of authentication codes is by contacting the user directly. A phone scam on the rise involves a caller posing as an organisation such as a bank, and feigning ‘security questions’ to gain the trust of the user.

As a final ‘verification technique’, the hacker will ask the user to read out the code that was just sent to their phone. At the same time, the hacker will start logging in to one of the user’s accounts, triggering the 2FA code to be sent – which the victim might then read out to the attacker.

How to prevent hackers from accessing your 2FA

It’s unlikely to happen, but you can prevent a hacker accessing your 2FA code through a number transfer by asking your mobile phone provider to require a spoken password from you before any changes are made to your contract.

It also pays to be vigilant about incoming calls from unknown locations, and if you’re in doubt about who’s calling you, it’s usually best to hang up and call back the organisation they claim to be from.

The benefits of two-factor authentication

Why should you start to use two-factor authentication on your accounts? Well, there are many great benefits to 2FA, and they might just change your mind, so let us run through them:

It’s convenient: A major benefit of two-factor authentication is its convenience. As most people are likely to have a mobile device on hand when they need to log in to something, it’s no extra effort to enter the 2FA code.

It’s straightforward: Setting up two-factor authentication is straightforward – just scan a QR code with your authenticator app, and the service will be added. Then, each time you log in, you just enter the code. You can also set it up so ‘trusted devices’ such as your private home computer won’t ask for a code every time.

It will increase security: Undoubtedly the largest benefit of two-factor authentication is that your security is massively increased. Not only does it minimise the chances of a hacker being able to access your personal accounts, but it’ll put your mind at ease too. Knowing that there are two layers of security, rather than just a single password protecting your information, will help you to feel properly secure.

Is two-factor authentication all I need?

Two-factor authentication works best as part of a whole. You shouldn’t disregard the security of your password just because you have two-factor authentication in place – while the chain can prevent your house being broken into, it’s less effective if the hacker finds the key under your doormat. Learn how to choose a strong password.

The mobile device you use as your primary 2FA device should also be properly secured, with a passcode and/or the biometric methods available on many of the latest mobile phones. That way, if your mobile phone goes missing or is stolen, it’ll be more difficult for someone else to use your two-factor authentication methods.

We suggest setting up two-factor authentication wherever you can – including for your Fasthosts Control Panel. You can now use an authenticator app to add an extra layer of protection to your account, adding to our already strong security measures. Prevent unauthorised logins and keep your projects even safer.

See our help article for more information and to find out how to enable 2FA for your Fasthosts account.